Debian Libjpeg9 vulnerabilities

CVE-2020-14153 [HIGH] CVE-2020-14153: libjpeg-turbo - In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-boun... In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2020-14152 [HIGH] CVE-2020-14152: libjpeg-turbo - In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg... In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. Scope: local bookworm: resolved (fixed in 1:1.5.2-1) bullseye: resolved (fixed in 1:1.5.2-1) forky: resolved (fixed in 1:1.5.2-1) sid: resolved (fixed in 1:1.5.2-1) trixie: resolved (fixed

CVE-2018-11213 [MEDIUM] CVE-2018-11213: libjpeg-turbo - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c... An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolved (fi

CVE-2018-11214 [MEDIUM] CVE-2018-11214: libjpeg-turbo - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c ... An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolved (fix

CVE-2018-11212 [MEDIUM] CVE-2018-11212: libjpeg-turbo - An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemm... An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolv

CVE-2018-11813 [HIGH] CVE-2018-11813: libjpeg-turbo - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye: resolved (fixed in 1:2.0.5-1) forky: resolved (fixed in 1:2.0.5-1) sid: resolved (fixed in 1:2.0.5-1) trixie: resolved (fixed in 1:2.0.5-1)

CVE-2017-15232 [MEDIUM] CVE-2017-15232: libjpeg-turbo - libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c v... libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Scope: local bookworm: resolved (fixed in 1:2.0.5-1) bullseye: resolved (fixed in 1:2.0.5-1) forky: resolved (fixed in 1:2.0.5-1) sid: resolved (fixed in 1:2.0.5-1) trixie: resolved (fixed in 1:2.0.5-1)

CVE-2016-3616 [HIGH] CVE-2016-3616: libjpeg-turbo - The cjpeg utility in libjpeg allows remote attackers to cause a denial of servic... The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. Scope: local bookworm: resolved (fixed in 1:1.4.2-1) bullseye: resolved (fixed in 1:1.4.2-1) forky: resolved (fixed in 1:1.4.2-1) sid: resolved (fixed in 1:1.4.2-1) trixie: resolved (fixe