Search CVE reports
1 – 10 of 44 results
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
3 affected packages
libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected |
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the...
3 affected packages
libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | Not affected | Not affected | Not affected |
| libjpeg6b | — | Not affected | Not affected | Not affected |
| libjpeg9 | — | Not affected | Not affected | Not affected |
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
1 affected package
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | Not affected | Fixed | Fixed |
libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected |
libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected |
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected |
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 2
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based...
1 affected package
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg-turbo | — | Not affected | Fixed | Not affected |
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | — |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected |
In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libjpeg | Needs evaluation | Vulnerable | Vulnerable | — |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected |