All errata/c10f1/ALT-PU-2023-7096-2
ALT-PU-2023-7096-2

Package update libjpeg-turbo in branch c10f1

Version2.1.2-alt1.2
Task#334044
Published2023-11-20
Max severityMEDIUM
Severity:

Closed issues (1)

CVE-2021-46822
MEDIUM5.5

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Published: 2022-06-18Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References