CVE-2020-14153

Note

patch in libjpeg9 9d appears to be:
-      entropy->ac_cur_tbls[blkn] = entropy->ac_derived_tbls[compptr->ac_tbl_no];
+      entropy->ac_cur_tbls[blkn] =	/* AC needs no table when not present */
+	cinfo->lim_Se ? entropy->ac_derived_tbls[compptr->ac_tbl_no] : NULL;

per upstream libjpeg-turbo bug, libjpeg-turbo is not vulnerable
to this issue

Package	Release	Status
libjpeg-turbo Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	precise	Not vulnerable
	trusty	Not vulnerable
	upstream	Not vulnerable
	xenial	Not vulnerable
libjpeg6b Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Not vulnerable
	jammy	Not vulnerable
	precise	Does not exist
	trusty	Not vulnerable
	upstream	Not vulnerable
	xenial	Ignored (end of standard support, was not-affected)
libjpeg9 Launchpad, Ubuntu, Debian	bionic	Needed
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable (1:9d-1)
	groovy	Not vulnerable (1:9d-1)
	hirsute	Not vulnerable (1:9d-1)
	impish	Not vulnerable (1:9d-1)
	jammy	Not vulnerable (1:9d-1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (9d)
	xenial	Ignored (end of standard support, was needed)

CVE-2020-14153

Low

Status

Notes

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading