Your submission was sent successfully! Close

CVE-2020-14152

Published: 15 June 2020

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

Notes

AuthorNote
mdeslaur 
looks like this was fixed a long time ago in libjpeg-turbo
Priority

Low

CVSS 3 base score: 7.1

Status

Package Release Status
libjpeg-turbo
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(1.5.2-0ubuntu5.18.04.4)
eoan Not vulnerable
(2.0.3-0ubuntu1.19.10.1)
focal Not vulnerable
(2.0.3-0ubuntu1.20.04.1)
groovy Not vulnerable
(2.0.3-0ubuntu2)
hirsute Not vulnerable
(2.0.3-0ubuntu2)
impish Not vulnerable
(2.0.3-0ubuntu2)
jammy Not vulnerable
(2.0.3-0ubuntu2)
precise Ignored
(end of ESM support, was needs-triage)
trusty
Released (1.3.0-0ubuntu2.1+esm2)
upstream
Released (1:1.5.1-2+deb9u1, 1:1.5.2-2+den10u1)
xenial
Released (1.4.2-0ubuntu3.4+esm1)
Patches:
upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
libjpeg6b
Launchpad, Ubuntu, Debian 		bionic Needed

eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needed

precise Does not exist

trusty
Released (6b1-4ubuntu1+esm1)
upstream Needed

xenial Ignored
(end of standard support, was needed)
libjpeg9
Launchpad, Ubuntu, Debian 		bionic Needed

eoan Ignored
(reached end-of-life)
focal Not vulnerable
(1:9d-1)
groovy Not vulnerable
(1:9d-1)
hirsute Not vulnerable
(1:9d-1)
impish Not vulnerable
(1:9d-1)
jammy Not vulnerable
(1:9d-1)
precise Does not exist

trusty Does not exist

upstream
Released (9d)
xenial Ignored
(end of standard support, was needed)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading