Vulmon
libjpeg vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-43581
An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK prior to 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, c...
Opendesign Prc Sdk
8.8
CVSSv3
CVE-2021-37972
Out of bounds read in libjpeg-turbo in Google Chrome before 94.0.4606.54 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2020-17541
All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service.
Libjpeg-turbo Libjpeg-turbo
8.8
CVSSv3
CVE-2018-20330
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
Libjpeg-turbo Libjpeg-turbo 2.0.1
8.8
CVSSv3
CVE-2017-9614
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote malicious users to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due...
D.r.commander Libjpeg-turbo 1.5.1
1 EDB exploit
8.8
CVSSv3
CVE-2016-3616
The cjpeg utility in libjpeg allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
Libjpeg-turbo Libjpeg-turbo 7.4
Redhat Enterprise Linux 7.4
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 12.04
1 Github repository
8.1
CVSSv3
CVE-2020-13790
libjpeg-turbo 2.0.4 and mozjpeg 4.0.0 have a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Libjpeg-turbo Libjpeg-turbo 2.0.4
Mozilla Mozjpeg 4.0.0
7.8
CVSSv3
CVE-2019-2201
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for ...
Google Android 8.0
Google Android 8.1
Google Android 9.0
Google Android 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
2 Github repositories
7.8
CVSSv3
CVE-2017-8826
FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Acc...
Faststone Image Viewer 6.2
7.8
CVSSv3
CVE-2016-6702
A remote code execution vulnerability in libjpeg in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, and 5.1.x prior to 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High ...
Google Android 4.0.2
Google Android 4.0.3
Google Android 4.0.4
Google Android 4.1
Google Android 5.1.0
Google Android 4.3
Google Android 4.3.1
Google Android 4.4
Google Android 4.4.1
Google Android 4.4.2
Google Android 4.0.1
Google Android 4.1.2
Google Android 4.2.1
Google Android 4.4.3
Google Android 5.0.1
Google Android 4.0
Google Android 4.2
Google Android 4.2.2
Google Android 5.0
Google Android 5.1