github - ghsa-3rgw-2fpg-85mq

ghsa-3rgw-2fpg-85mq

Vulnerability from github

Published

2022-05-24 17:19

Modified

2022-05-24 17:19

Details

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-13790"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-03T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",
  "id": "GHSA-3rgw-2fpg-85mq",
  "modified": "2022-05-24T17:19:03Z",
  "published": "2022-05-24T17:19:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202010-03"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4386-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-13790 (GCVE-0-2020-13790)

Vulnerability from cvelistv5

Published

2020-06-03 18:56

Modified

2024-08-04 12:25

Severity ?

CWE

Summary

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

References

►

URL

Tags

	https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433	x_refsource_MISC
	https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a	x_refsource_MISC
	https://usn.ubuntu.com/4386-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/202010-03	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website