Libjpeg Security Vulnerabilities
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in...
7.1CVSS
6.9AI Score
0.001EPSS
libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...
6.5CVSS
6.5AI Score
0.001EPSS
libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...
6.5CVSS
6.2AI Score
0.001EPSS
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could....
6.5CVSS
6.3AI Score
0.001EPSS
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by...
5.5CVSS
5.5AI Score
0.001EPSS
libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...
6.5CVSS
6.2AI Score
0.001EPSS
libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...
6.5CVSS
6.2AI Score
0.001EPSS
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component...
7.5CVSS
7.5AI Score
0.001EPSS
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component...
5.5CVSS
5.5AI Score
0.001EPSS
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in...
5.5CVSS
5.8AI Score
0.001EPSS
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS...
6.5CVSS
6.4AI Score
0.001EPSS
In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in...
5.5CVSS
5.3AI Score
0.001EPSS
5.5CVSS
5.3AI Score
0.001EPSS
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and...
6.5CVSS
6.5AI Score
0.001EPSS
In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU() located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer...
6.5CVSS
6.5AI Score
0.001EPSS
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of...
6.5CVSS
6.3AI Score
0.001EPSS
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of...
6.5CVSS
6.3AI Score
0.001EPSS
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target...
8.8CVSS
8.9AI Score
0.004EPSS
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF...
6.5CVSS
6.1AI Score
0.001EPSS
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory...
7.1CVSS
7.2AI Score
0.001EPSS
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table...
7.1CVSS
6.8AI Score
0.002EPSS
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input...
8.1CVSS
7.8AI Score
0.011EPSS
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the...
5.5CVSS
6.1AI Score
0.001EPSS
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette...
6.5CVSS
6.7AI Score
0.002EPSS
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by...
8.8CVSS
8.1AI Score
0.003EPSS
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by...
6.5CVSS
6.9AI Score
0.001EPSS
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP...
6.5CVSS
6.4AI Score
0.008EPSS
7.5CVSS
7.1AI Score
0.007EPSS
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted...
6.5CVSS
6.7AI Score
0.007EPSS
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted...
6.5CVSS
6.2AI Score
0.006EPSS
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted...
6.5CVSS
6.7AI Score
0.007EPSS
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG...
6.5CVSS
6.3AI Score
0.002EPSS
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif...
6.5CVSS
6.2AI Score
0.011EPSS
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream.....
8.8CVSS
8.8AI Score
0.016EPSS
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted...
8.8CVSS
7.8AI Score
0.019EPSS
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG...
6.1AI Score
0.003EPSS
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG...
7.9AI Score
0.014EPSS