Your submission was sent successfully! Close

CVE-2021-39520

Published: 20 September 2021

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libjpeg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needs triage

hirsute Not vulnerable
(0.0~git20210129.91985dc-1build1)
impish Not vulnerable

jammy Not vulnerable

trusty Does not exist

upstream
Released (0.0~git20200925.f145908-1)
xenial Ignored
(out of standard support)
libjpeg-turbo
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
libjpeg6b
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
libjpeg9
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)

Notes

AuthorNote
jdstrand
libjpeg-turbo is a fork of libjpeg8
mdeslaur
file doesn't exist in libjpeg-turbo

References

Bugs