Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libjpeg-turbo libjpeg-turbo vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2021-29390
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
Libjpeg-turbo Libjpeg-turbo 2.0.90
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2023-2804
A heap-based buffer overflow issue exists in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an atta...
Libjpeg-turbo Libjpeg-turbo 2.1.90
5.5
CVSSv3
CVE-2020-35538
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
Libjpeg-turbo Libjpeg-turbo 2.0.5
5.5
CVSSv3
CVE-2021-46822
The PPM reader in libjpeg-turbo up to and including 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row f...
Libjpeg-turbo Libjpeg-turbo
8.8
CVSSv3
CVE-2021-37972
Out of bounds read in libjpeg-turbo in Google Chrome before 94.0.4606.54 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2020-17541
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
Libjpeg-turbo Libjpeg-turbo
NA
CVE-2021-0384
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
6.5
CVSSv3
CVE-2021-20205
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
Libjpeg-turbo Libjpeg-turbo 2.0.90
Fedoraproject Fedora 34
7.1
CVSSv3
CVE-2020-14152
In IJG JPEG (aka libjpeg) prior to 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
Ijg Libjpeg
Debian Debian Linux 9.0
8.1
CVSSv3
CVE-2020-13790
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Libjpeg-turbo Libjpeg-turbo 2.0.4
Mozilla Mozjpeg 4.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »