Your submission was sent successfully! Close

CVE-2020-35538

Published: 31 August 2022

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
libjpeg-turbo
Launchpad, Ubuntu, Debian
bionic
Released (1.5.2-0ubuntu5.18.04.6)
focal
Released (2.0.3-0ubuntu1.20.04.3)
jammy Not vulnerable
(2.1.2-0ubuntu1)
trusty Needs triage

upstream Needs triage

xenial Needs triage

Patches:
upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30
upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/a46c111d9f3642f0ef3819e7298846ccc61869e0