CVE-2020-13790

Published: 3 June 2020

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

Priority

CVSS 3 base score: 8.1

Status

Package	Release	Status
libjpeg-turbo Launchpad, Ubuntu, Debian	bionic	Released (1.5.2-0ubuntu5.18.04.4)
	eoan	Released (2.0.3-0ubuntu1.19.10.1)
	focal	Released (2.0.3-0ubuntu1.20.04.1)
	precise	Released (1.1.90+svn733-0ubuntu4.6)
	trusty	Released (1.3.0-0ubuntu2.1+esm1)
	upstream	Needs triage
	xenial	Released (1.4.2-0ubuntu3.4)
	Patches: upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.