Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 44 results


CVE-2020-17541

Low priority

Some fixes available 4 of 5

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-20205

Low priority
Not affected

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected Not affected
Show less packages

CVE-2020-14153

Low priority

Some fixes available 1 of 8

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

3 affected packages

libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Vulnerable
libjpeg9 Not affected Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2020-14152

Low priority

Some fixes available 5 of 19

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

3 affected packages

libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected Not affected Not affected Fixed
libjpeg6b Vulnerable Vulnerable Vulnerable Vulnerable Fixed
libjpeg9 Not affected Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2020-13790

Medium priority
Fixed

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Fixed Fixed Fixed
Show less packages

CVE-2019-2201

Medium priority
Fixed

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution...

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Fixed Fixed
Show less packages

CVE-2019-13960

Negligible priority
Ignored

** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation,...

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected Not affected
Show less packages

CVE-2018-14498

Low priority

Some fixes available 3 of 4

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of...

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-20330

Low priority

Some fixes available 2 of 3

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected
Show less packages

CVE-2018-19664

Low priority

Some fixes available 2 of 3

libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.

1 affected packages

libjpeg-turbo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected
Show less packages