ALT-BU-2020-3901-1
Branch p9 update bulletin.
Closed vulnerabilities
BDU:2021-01309
Уязвимость функции get_8bit_row (rdbmp.c) библиотеки программ libjpeg, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01352
Уязвимость функции start_input_ppm из rdppm.c библиотеки для работы с изображениями libjpeg-turbo, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
- openSUSE-SU-2019:1118
- openSUSE-SU-2019:1118
- openSUSE-SU-2019:1343
- openSUSE-SU-2019:1343
- RHSA-2019:2052
- RHSA-2019:2052
- RHSA-2019:3705
- RHSA-2019:3705
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
- https://github.com/mozilla/mozjpeg/issues/299
- https://github.com/mozilla/mozjpeg/issues/299
- [debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update
- [debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- FEDORA-2019-87e2fa8e0f
- FEDORA-2019-87e2fa8e0f
- USN-4190-1
- USN-4190-1
Modified: 2024-11-21
CVE-2020-13790
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
- openSUSE-SU-2020:1413
- openSUSE-SU-2020:1458
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- FEDORA-2020-f09ecf5985
- FEDORA-2020-86fa578c8d
- GLSA-202010-03
- USN-4386-1
- openSUSE-SU-2020:1413
- USN-4386-1
- GLSA-202010-03
- FEDORA-2020-86fa578c8d
- FEDORA-2020-f09ecf5985
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
- openSUSE-SU-2020:1458
Modified: 2024-11-21
CVE-2020-17541
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.