Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jpeg libjpeg vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2020-14153
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.
Ijg Libjpeg
605
VMScore
CVE-2012-2806
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
D.r.commander Libjpeg-turbo 1.2.0
383
VMScore
CVE-2014-9092
libjpeg-turbo prior to 1.3.1 allows remote malicious users to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
Libjpeg-turbo Libjpeg-turbo
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
685
VMScore
CVE-2017-9614
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote malicious users to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due...
D.r.commander Libjpeg-turbo 1.5.1
1 EDB exploit
516
VMScore
CVE-2020-14152
In IJG JPEG (aka libjpeg) prior to 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
Ijg Libjpeg
Debian Debian Linux 9.0
383
VMScore
CVE-2018-1152
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
Libjpeg-turbo Libjpeg-turbo 1.5.90
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
605
VMScore
CVE-2016-3616
The cjpeg utility in libjpeg allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
Libjpeg-turbo Libjpeg-turbo 7.4
Redhat Enterprise Linux 7.4
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 12.04
1 Github repository
445
VMScore
CVE-2013-6629
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo up to and including 1.3.0, as used in Google Chrome prior to 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that fol...
Google Chrome
Oracle Solaris 11.3
Artifex Gpl Ghostscript
Libjpeg-turbo Libjpeg-turbo
Fedoraproject Fedora 18
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox Esr
384
VMScore
CVE-2018-11213
An issue exists in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote malicious users to cause a denial of service (Segmentation fault) via a crafted file.
Ijg Libjpeg 9a
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
384
VMScore
CVE-2018-11214
An issue exists in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote malicious users to cause a denial of service (Segmentation fault) via a crafted file.
Ijg Libjpeg 9a
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »