CVE-2021-46822Out-of-bounds Write in Libjpeg-turbo

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.5
EPSS
0.1%
top 65.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Libjpeg-turboDebian Libjpeg-turboMsrc CM1 Libjpeg-turbo 2.1.2-1 ON CBL Mariner 1.0
Timeline
PublishedJun 18
Latest updateSep 22

Description

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/libjpeg-turbo< libjpeg-turbo 1:2.1.1-1 (bookworm)
Debianlibjpeg-turbo/libjpeg-turbo< 1:2.1.1-1+2
Ubuntulibjpeg-turbo/libjpeg-turbo< 1.5.2-0ubuntu5.18.04.6+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
libjpeg-turbo vulnerabilities2022-09-22
GHSA
GHSA-p468-hq86-gghc: The PPM reader in libjpeg-turbo through 22022-06-19
OSV
CVE-2021-46822: The PPM reader in libjpeg-turbo through 22022-06-18

📋Vendor Advisories

4
Ubuntu
libjpeg-turbo vulnerabilities2022-09-22
Microsoft
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This 2022-06-14
Red Hat
libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c2021-04-07
Debian
CVE-2021-46822: libjpeg-turbo - The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for...2021