CVE-2020-17541: Out-of-bounds Write in Libjpeg-turbo

Severity
NVD: 8.8 HIGH
OSV: 7.5
EPSS: 0.5% (top 34.25%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 1
Latest update: Sep 22

Description

All versions of Libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

debian: debian/libjpeg-turbo < libjpeg-turbo 1:2.0.5-1 (bookworm)
Debian: libjpeg-turbo/libjpeg-turbo < 1:2.0.5-1 (+3)
Ubuntu: libjpeg-turbo/libjpeg-turbo < 1.5.2-0ubuntu5.18.04.6 (+3)

Vulnerability Details (4)

OSV: libjpeg-turbo vulnerabilities (2022-09-22)
OSV: libjpeg-turbo vulnerabilities (2022-08-08)
GHSA: GHSA-vhxw-68wq-v5j9: Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component (2022-05-24)
OSV: CVE-2020-17541: Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component (2021-06-01)

Vendor Advisories (5)

Ubuntu: libjpeg-turbo vulnerabilities (2022-09-22)
Ubuntu: libjpeg-turbo vulnerabilities (2022-08-08)
Microsoft: Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial (2021-06-08)
Red Hat: libjpeg-turbo: Stack-based buffer overflow in the "transform" component (2021-06-01)
Debian: CVE-2020-17541: libjpeg-turbo - Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" ... (2020)