CVE-2021-20205

Published: 10 March 2021

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
libjpeg-turbo Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	precise	Not vulnerable (code not present)
	trusty	Not vulnerable (code not present)
	upstream	Not vulnerable (debian: Vulnerable code introduced later)
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20205
NVD
Launchpad
Debian

Bugs

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493
https://bugzilla.redhat.com/show_bug.cgi?id=1937385

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›