Your submission was sent successfully! Close

CVE-2020-13790

Published: 3 June 2020

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
libjpeg-turbo
Launchpad, Ubuntu, Debian
bionic
Released (1.5.2-0ubuntu5.18.04.4)
eoan
Released (2.0.3-0ubuntu1.19.10.1)
focal
Released (2.0.3-0ubuntu1.20.04.1)
precise
Released (1.1.90+svn733-0ubuntu4.6)
trusty
Released (1.3.0-0ubuntu2.1+esm1)
upstream Needs triage

xenial
Released (1.4.2-0ubuntu3.4)
Patches:
upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a