libjpeg-turbo

Top products

The 15 most recently published vulnerabilities affecting libjpeg-turbo.

• CVE-2021-29390libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.7.1Aug 22, 2023
• CVE-2023-2804A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision...6.5May 25, 2023
• CVE-2020-35538A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.5.5Aug 31, 2022
• CVE-2021-46822The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. Th...5.5Jun 18, 2022
• CVE-2020-17541Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or deni...8.8Jun 1, 2021
• CVE-2021-20205Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.6.5Mar 10, 2021
• CVE-2020-13790libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.8.1Jun 3, 2020
• CVE-2019-13960In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendo...5.5Jul 18, 2019
• CVE-2018-14498get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-b...6.5Mar 7, 2019
• CVE-2018-20330The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demo...8.8Dec 21, 2018
• CVE-2018-19664libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.6.5Nov 29, 2018
• CVE-2018-1152libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.6.5Jun 18, 2018
• CVE-2017-15232libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.6.5Oct 11, 2017
• CVE-2014-9092libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.6.5Oct 10, 2017
• CVE-2016-3616The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.8.8Feb 13, 2017