Vulnerability CVE-2020-13790: Information
Description
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libjpeg-turbo | sisyphus | 2.0.6-alt1 | 3.0.2-alt2.1 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg-turbo | sisyphus_riscv64 | 2.0.6-alt0.4.rv64 | 3.0.2-alt2.1 | ALT-PU-2021-4726-1 | - | Fixed |
libjpeg-turbo | p10 | 2.0.6-alt1 | 2.1.5.1-alt1.p10.2 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg-turbo | c10f1 | 2.0.6-alt1 | 2.1.2-alt1.2 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg-turbo | p11 | 2.0.6-alt1 | 3.0.2-alt2.1 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg8 | sisyphus | 2.0.5-alt1 | 3.0.3-alt1 | ALT-PU-2020-2229-1 | 253966 | Fixed |
libjpeg8 | p10 | 2.0.5-alt1 | 2.1.0-alt1.1 | ALT-PU-2020-2229-1 | 253966 | Fixed |
libjpeg8 | p9 | 2.0.5-alt1 | 2.0.5-alt1 | ALT-PU-2020-2252-1 | 253974 | Fixed |
libjpeg8 | c10f1 | 2.0.5-alt1 | 2.1.0-alt1.1 | ALT-PU-2020-2229-1 | 253966 | Fixed |
libjpeg8 | c9f2 | 2.0.5-alt1 | 2.0.5-alt1 | ALT-PU-2020-2252-1 | 253974 | Fixed |
libjpeg8 | p11 | 2.0.5-alt1 | 3.0.3-alt1 | ALT-PU-2020-2229-1 | 253966 | Fixed |