Search CVE reports
1 – 10 of 27 results
CVE-2021-29390
Medium prioritylibjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
3 affected packages
libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-2804
Medium priorityA heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the...
3 affected packages
libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg6b | — | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | — | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-37770
Low prioritylibjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-37769
Low prioritylibjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-37768
Low prioritylibjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35166
Low prioritylibjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-32978
Low priorityThere is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-32202
Medium priorityIn libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Needs evaluation | Vulnerable | Vulnerable | — | — |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-32201
Medium priorityIn libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Needs evaluation | Vulnerable | Vulnerable | — | — |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-31796
Low prioritylibjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.
4 affected packages
libjpeg, libjpeg6b, libjpeg9, libjpeg-turbo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjpeg | Vulnerable | Vulnerable | Vulnerable | — | — |
libjpeg6b | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg9 | Not affected | Not affected | Not affected | Not affected | Not affected |
libjpeg-turbo | Not affected | Not affected | Not affected | Not affected | Not affected |