Published: 18/06/2022 Updated: 15/08/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The PPM reader in libjpeg-turbo up to and including 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libjpeg-turbo libjpeg-turbo

Synopsis Moderate: libjpeg-turbo security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...

Several security issues were fixed in libjpeg-turbo ...

The PPM reader in libjpeg-turbo through 2090 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppmc (CVE-2021-46822) ...

CWE-787 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 https://access.redhat.com/errata/RHSA-2023:1068 https://ubuntu.com/security/notices/USN-5631-1 https://nvd.nist.gov

CVE-2021-46822

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect