Vulnerability CVE-2020-17541: Information
Description
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libjpeg-turbo | sisyphus | 2.0.6-alt1 | 3.0.2-alt2.1 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg-turbo | sisyphus_riscv64 | 2.0.6-alt0.4.rv64 | 3.0.2-alt2.1 | ALT-PU-2021-4726-1 | - | Fixed |
libjpeg-turbo | p10 | 2.0.6-alt1 | 2.1.5.1-alt1.p10.2 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg-turbo | c10f1 | 2.0.6-alt1 | 2.1.2-alt1.2 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg-turbo | c9f2 | 2.0.2-alt1.c9f2.1 | 2.0.2-alt1.c9f2.1 | ALT-PU-2021-3093-1 | 287595 | Fixed |
libjpeg-turbo | p11 | 2.0.6-alt1 | 3.0.2-alt2.1 | ALT-PU-2021-1392-1 | 266888 | Fixed |
libjpeg8 | sisyphus | 2.0.4-alt1 | 3.0.3-alt1 | ALT-PU-2020-1130-1 | 245451 | Fixed |
libjpeg8 | p10 | 2.0.4-alt1 | 2.1.0-alt1.1 | ALT-PU-2020-1130-1 | 245451 | Fixed |
libjpeg8 | p9 | 2.0.5-alt1 | 2.0.5-alt1 | ALT-PU-2020-2252-1 | 253974 | Fixed |
libjpeg8 | c10f1 | 2.0.4-alt1 | 2.1.0-alt1.1 | ALT-PU-2020-1130-1 | 245451 | Fixed |
libjpeg8 | c9f2 | 2.0.5-alt1 | 2.0.5-alt1 | ALT-PU-2020-2252-1 | 253974 | Fixed |
libjpeg8 | p11 | 2.0.4-alt1 | 3.0.3-alt1 | ALT-PU-2020-1130-1 | 245451 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 |
|
https://cwe.mitre.org/data/definitions/121.html |
|