Your submission was sent successfully! Close

CVE-2020-14153

Published: 15 June 2020

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

Notes

AuthorNote
mdeslaur
patch in libjpeg9 9d appears to be:
-      entropy->ac_cur_tbls[blkn] = entropy->ac_derived_tbls[compptr->ac_tbl_no];
+      entropy->ac_cur_tbls[blkn] =	/* AC needs no table when not present */
+	cinfo->lim_Se ? entropy->ac_derived_tbls[compptr->ac_tbl_no] : NULL;

per upstream libjpeg-turbo bug, libjpeg-turbo is not vulnerable
to this issue
ccdm94
due to the same reasoning provided by the libjpeg-turbo upstream in issue
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445, it is safe to
assume that libjpeg6b is also not vulnerable to this.
Priority

Low

CVSS 3 base score: 7.1

Status

Package Release Status
libjpeg-turbo
Launchpad, Ubuntu, Debian
bionic Not vulnerable

eoan Ignored
(reached end-of-life)
focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

kinetic Not vulnerable

precise Not vulnerable

trusty Not vulnerable

upstream Not vulnerable

xenial Not vulnerable

libjpeg6b
Launchpad, Ubuntu, Debian
bionic Not vulnerable

eoan Ignored
(reached end-of-life)
focal Not vulnerable

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Not vulnerable

jammy Not vulnerable

kinetic Not vulnerable

precise Does not exist

trusty Not vulnerable

upstream Not vulnerable

xenial Ignored
(end of standard support, was not-affected)
libjpeg9
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Not vulnerable
(1:9d-1)
groovy Not vulnerable
(1:9d-1)
hirsute Not vulnerable
(1:9d-1)
impish Not vulnerable
(1:9d-1)
jammy Not vulnerable
(1:9d-1)
kinetic Not vulnerable
(1:9d-1)
precise Does not exist

trusty Does not exist

upstream
Released (9d)
xenial Ignored
(end of standard support, was needed)