Vulnerability CVE-2020-17541: Information

Description

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-17541
Published: June 1, 2021
Modified: Nov. 7, 2022
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libjpeg-turbosisyphus2.0.6-alt13.0.2-alt2.1ALT-PU-2021-1392-1266888Fixed
libjpeg-turbosisyphus_riscv642.0.6-alt0.4.rv643.0.2-alt2.1ALT-PU-2021-4726-1-Fixed
libjpeg-turbop102.0.6-alt12.1.5.1-alt1.p10.2ALT-PU-2021-1392-1266888Fixed
libjpeg-turboc10f12.0.6-alt12.1.2-alt1.2ALT-PU-2021-1392-1266888Fixed
libjpeg-turboc9f22.0.2-alt1.c9f2.12.0.2-alt1.c9f2.1ALT-PU-2021-3093-1287595Fixed
libjpeg-turbop112.0.6-alt13.0.2-alt2.1ALT-PU-2021-1392-1266888Fixed
libjpeg8sisyphus2.0.4-alt13.0.3-alt1ALT-PU-2020-1130-1245451Fixed
libjpeg8p102.0.4-alt12.1.0-alt1.1ALT-PU-2020-1130-1245451Fixed
libjpeg8p92.0.5-alt12.0.5-alt1ALT-PU-2020-2252-1253974Fixed
libjpeg8c10f12.0.4-alt12.1.0-alt1.1ALT-PU-2020-1130-1245451Fixed
libjpeg8c9f22.0.5-alt12.0.5-alt1ALT-PU-2020-2252-1253974Fixed
libjpeg8p112.0.4-alt13.0.3-alt1ALT-PU-2020-1130-1245451Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://cwe.mitre.org/data/definitions/121.html
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*
      End excliding
      2.0.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top