Your submission was sent successfully! Close

CVE-2020-14152

Published: 15 June 2020

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

Notes

AuthorNote
mdeslaur
looks like this was fixed a long time ago in libjpeg-turbo
Priority

Low

CVSS 3 base score: 7.1

Status

Package Release Status
libjpeg-turbo
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(1.5.2-0ubuntu5.18.04.4)
eoan Not vulnerable
(2.0.3-0ubuntu1.19.10.1)
focal Not vulnerable
(2.0.3-0ubuntu1.20.04.1)
groovy Not vulnerable
(2.0.3-0ubuntu2)
hirsute Not vulnerable
(2.0.3-0ubuntu2)
impish Not vulnerable
(2.0.3-0ubuntu2)
jammy Not vulnerable
(2.0.3-0ubuntu2)
precise Ignored
(end of ESM support, was needs-triage)
trusty
Released (1.3.0-0ubuntu2.1+esm2)
upstream
Released (1:1.5.1-2+deb9u1, 1:1.5.2-2+den10u1)
xenial
Released (1.4.2-0ubuntu3.4+esm1)
Patches:
upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
libjpeg6b
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needed

precise Does not exist

trusty
Released (6b1-4ubuntu1+esm1)
upstream Needed

xenial Ignored
(end of standard support, was needed)
libjpeg9
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Not vulnerable
(1:9d-1)
groovy Not vulnerable
(1:9d-1)
hirsute Not vulnerable
(1:9d-1)
impish Not vulnerable
(1:9d-1)
jammy Not vulnerable
(1:9d-1)
precise Does not exist

trusty Does not exist

upstream
Released (9d)
xenial Ignored
(end of standard support, was needed)