Debian Libjpeg-Turbo vulnerabilities

CVE-2023-2804 [MEDIUM] CVE-2023-2804: libjpeg-turbo - A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merge... A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 1

CVE-2021-46822 [MEDIUM] CVE-2021-46822: libjpeg-turbo - The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for... The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. Scope: local bookworm: resolved (fixed in 1:2.1.1-1) bullseye: open fork

CVE-2021-20205 [MEDIUM] CVE-2021-20205: libjpeg-turbo - Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vu... Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2021-29390 [HIGH] CVE-2021-29390: libjpeg-turbo - libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in deco... libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2020-13790 [HIGH] CVE-2020-13790: libjpeg-turbo - libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get... libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye: resolved (fixed in 1:2.0.5-1) forky: resolved (fixed in 1:2.0.5-1) sid: resolved (fixed in 1:2.0.5-1) trixie: resolved (fixed in 1:2.0.5-1)

CVE-2020-35538 [MEDIUM] CVE-2020-35538: libjpeg-turbo - A crafted input file could cause a null pointer dereference in jcopy_sample_rows... A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. Scope: local bookworm: resolved (fixed in 1:2.0.6-1) bullseye: resolved (fixed in 1:2.0.6-1) forky: resolved (fixed in 1:2.0.6-1) sid: resolved (fixed in 1:2.0.6-1) trixie: resolved (fixed in 1:2.0.6-1)

CVE-2020-17541 [HIGH] CVE-2020-17541: libjpeg-turbo - Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" ... Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye: resolved (fixed in 1:2.0.5-1) forky: resolved (fixed in 1:2.0.5-1

CVE-2020-14153 [HIGH] CVE-2020-14153: libjpeg-turbo - In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-boun... In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2020-14152 [HIGH] CVE-2020-14152: libjpeg-turbo - In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg... In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. Scope: local bookworm: resolved (fixed in 1:1.5.2-1) bullseye: resolved (fixed in 1:1.5.2-1) forky: resolved (fixed in 1:1.5.2-1) sid: resolved (fixed in 1:1.5.2-1) trixie: resolved (fixed

CVE-2019-2201 [HIGH] CVE-2019-2201: libjpeg-turbo - In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possibl... In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10A

CVE-2018-11213 [MEDIUM] CVE-2018-11213: libjpeg-turbo - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c... An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolved (fi

CVE-2018-11214 [MEDIUM] CVE-2018-11214: libjpeg-turbo - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c ... An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolved (fix

CVE-2018-11212 [MEDIUM] CVE-2018-11212: libjpeg-turbo - An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemm... An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolv

CVE-2018-20330 [HIGH] CVE-2018-20330: libjpeg-turbo - The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a r... The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-1152 [MEDIUM] CVE-2018-1152: libjpeg-turbo - libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused b... libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye: resolved (fixed in 1:2.0.5-1) forky: resolved (fixed in 1:2.0.5-1) sid: resolved (fixed in 1:2.0.5-1) trixie: resolved (fixed in 1:2.0.5-1)

CVE-2018-19664 [MEDIUM] CVE-2018-19664: libjpeg-turbo - libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows func... libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-14498 [MEDIUM] CVE-2018-14498: libjpeg-turbo - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.... get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye:

CVE-2018-11813 [HIGH] CVE-2018-11813: libjpeg-turbo - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye: resolved (fixed in 1:2.0.5-1) forky: resolved (fixed in 1:2.0.5-1) sid: resolved (fixed in 1:2.0.5-1) trixie: resolved (fixed in 1:2.0.5-1)

CVE-2017-15232 [MEDIUM] CVE-2017-15232: libjpeg-turbo - libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c v... libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye: resolved (fixed in 1:2.0.5-1) forky: resolved (fixed in 1:2.0.5-1) sid: resolved (fixed in 1:2.0.5-1) trixie: resolved (fixed in 1:2.0.5-1)

CVE-2016-3616 [HIGH] CVE-2016-3616: libjpeg-turbo - The cjpeg utility in libjpeg allows remote attackers to cause a denial of servic... The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolved (fixe