libjpeg-turbo: CVE-2020-13790 #2190

KexyBiscuit · 2020-06-10T06:48:16Z

CVE IDs: CVE-2020-13790

Other security advisory IDs: USN-4386-1

Description: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

Patches: rdppm.c: Fix buf overrun caused by bad binary PPM

PoC(s): Heap-based buffer over-read in get_rgb_row() in rdppm.c

Architectural progress:

AMD64 amd64
- 32-bit Optional Environment optenv32
AArch64 arm64

The text was updated successfully, but these errors were encountered:

MingcongBai · 2020-07-17T20:43:20Z

All done. Closing.

@l2dy Please assign an AOSA.

l2dy · 2020-08-03T06:17:43Z

Use AOSA-2020-0133.

KexyBiscuit added security Topic/issue involves a security issue/fixed to-stable labels Jun 10, 2020

KexyBiscuit added this to the Summer 2020 milestone Jun 10, 2020

MingcongBai added a commit that referenced this issue Jun 14, 2020

libjpeg-turbo{,+32}: (upstream patch) #2190

12d0f09

KexyBiscuit mentioned this issue Jun 14, 2020

[FROZEN] Iteration Plan for Spring 2020 #2124

Closed

MingcongBai closed this as completed Jul 17, 2020

MingcongBai added the aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment label Jul 17, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

libjpeg-turbo: CVE-2020-13790 #2190

libjpeg-turbo: CVE-2020-13790 #2190

KexyBiscuit commented Jun 10, 2020 •

edited by MingcongBai

Loading

MingcongBai commented Jul 17, 2020

l2dy commented Aug 3, 2020

libjpeg-turbo: CVE-2020-13790 #2190

libjpeg-turbo: CVE-2020-13790 #2190

Comments

KexyBiscuit commented Jun 10, 2020 • edited by MingcongBai Loading

MingcongBai commented Jul 17, 2020

l2dy commented Aug 3, 2020

KexyBiscuit commented Jun 10, 2020 •

edited by MingcongBai

Loading