Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-14153
HistoryJun 15, 2020 - 12:00 a.m.

CVE-2020-14153

2020-06-1500:00:00
ubuntu.com
ubuntu.com
8

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.002 Low

EPSS

Percentile

53.2%

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an
out-of-bounds array read for certain table pointers.

Bugs

Notes

Author Note
mdeslaur patch in libjpeg9 9d appears to be: - entropy->ac_cur_tbls[blkn] = entropy->ac_derived_tbls[compptr->ac_tbl_no]; + entropy->ac_cur_tbls[blkn] = /* AC needs no table when not present */ + cinfo->lim_Se ? entropy->ac_derived_tbls[compptr->ac_tbl_no] : NULL; per upstream libjpeg-turbo bug, libjpeg-turbo is not vulnerable to this issue
ccdm94 due to the same reasoning provided by the libjpeg-turbo upstream in issue https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445, it is safe to assume that libjpeg6b is also not vulnerable to this.
OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchlibjpeg6b< anyUNKNOWN
ubuntu18.04noarchlibjpeg9< anyUNKNOWN
ubuntu16.04noarchlibjpeg9< 1:9b-1ubuntu1+esm1UNKNOWN

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.002 Low

EPSS

Percentile

53.2%