CVE-2021-29390: Out-of-bounds Write in Libjpeg-turbo

Severity
7.1 HIGH (NVD)
EPSS
0.1%
top 79.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 22

Description

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Exploitability: 2.8 | Impact: 4.2

Affected Packages: 3 packages

Also affects: Fedora 37, 38, 39

Patches

🔴 Vulnerability Details

2
OSV
CVE-2021-29390: libjpeg-turbo version 2 | 2023-08-22
GHSA
GHSA-3f9q-r2pw-87vm: libjpeg-turbo version 2 | 2023-08-22

📋 Vendor Advisories

2
Red Hat
libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c | 2023-08-22
Debian
CVE-2021-29390: libjpeg-turbo - libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in deco... | 2021