CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

libjpeg-turbo is vulnerable to denial of service. A heap-based buffer over-read in the function get_8bit_row in rdbmp.c allows an attacker to cause a denial of service using a malicious 80-bit BMP.

CPE Name | Operator | Version |
---|---|---|
libjpeg-turbo | eq | 1.5.3__7.el8 |
libjpeg-turbo | eq | 1.2.90__6.el7 |

lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2052
access.redhat.com/errata/RHSA-2019:3705
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1318509
github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
github.com/libjpeg-turbo/libjpeg-turbo/issues/258
github.com/mozilla/mozjpeg/issues/299
lists.debian.org/debian-lts-announce/2019/03/msg00021.html
lists.debian.org/debian-lts-announce/2020/07/msg00033.html
lists.fedoraproject.org/archives/list/[email protected]/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
usn.ubuntu.com/4190-1/