CVE-2020-13790
Published: 03 June 2020
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Priority
Medium
CVSS 3 base score: 8.1
Status
| Package | Release | Status |
|---|---|---|
|
libjpeg-turbo Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.0.3-0ubuntu1.20.04.1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1.5.2-0ubuntu5.18.04.4)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(1.4.2-0ubuntu3.4)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1.3.0-0ubuntu2.1+esm1)
|
|
|
Patches: Upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a |
||