Search CVE reports
1 – 10 of 44 results
CVE-2021-29390
Medium prioritylibjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
3 affected packages
libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-2804
Medium priorityA heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the...
3 affected packages
libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg-turbo | — | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | — | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-35538
Medium priorityA crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
1 affected packages
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg-turbo | — | Not affected | Fixed | Fixed | Not affected |
CVE-2022-37770
Low prioritylibjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-37769
Low prioritylibjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-37768
Low prioritylibjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35166
Low prioritylibjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-46822
Low prioritySome fixes available 1 of 2
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based...
1 affected packages
libjpeg-turbo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg-turbo | — | Not affected | Fixed | Not affected | Not affected |
CVE-2022-32978
Low priorityThere is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-32202
Medium priorityIn libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.
4 affected packages
libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libjpeg | Needs evaluation | Vulnerable | Vulnerable | — | — |
| libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
| libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |