Jump to:

CVE-2020-17541

Jump to:

CVE-2020-17541

Package libjpeg-turbo updated to version 2.0.2-alt1.c9f2.1 for branch c9f2 in task 287595.

Published: 2021-06-01
Modified: 2024-11-21

CVE-2020-17541

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

https://cwe.mitre.org/data/definitions/121.html
https://cwe.mitre.org/data/definitions/121.html
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392

Version: 2.1.0

Package libjpeg-turbo update in c9f2 on 2021-10-21

ALT-PU-2021-3093-1

Closed vulnerabilities

CVE-2020-17541