Home

CVE-2021-46822

Description

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.146

Associated Vulnerability

VulnerabilityOS Platform
library for handling JPEG files (USN-5631-1) libturbojpeg_1.5.2-0ubuntu5.18.04.6_i386.debLinux
library for handling JPEG files (USN-5631-1) libturbojpeg_1.5.2-0ubuntu5.18.04.6_amd64.debLinux
library for handling JPEG files (USN-5631-1) libturbojpeg_2.0.3-0ubuntu1.20.04.3_i386.debLinux
library for handling JPEG files (USN-5631-1) libturbojpeg_2.0.3-0ubuntu1.20.04.3_amd64.debLinux
library for handling JPEG files (USN-5631-1) libjpeg-turbo8_1.5.2-0ubuntu5.18.04.6_i386.debLinux
library for handling JPEG files (USN-5631-1) libjpeg-turbo8_1.5.2-0ubuntu5.18.04.6_amd64.debLinux
library for handling JPEG files (USN-5631-1) libjpeg-turbo8_2.0.3-0ubuntu1.20.04.3_i386.debLinux
library for handling JPEG files (USN-5631-1) libjpeg-turbo8_2.0.3-0ubuntu1.20.04.3_amd64.debLinux
(RHSA-2023:1068) libjpeg-turbo security update libjpeg-turbo-2.0.90-6.el9_1.i686.rpmLinux
(RHSA-2023:1068) libjpeg-turbo security update libjpeg-turbo-2.0.90-6.el9_1.x86_64.rpmLinux
(RHSA-2023:1068) libjpeg-turbo security update libjpeg-turbo-debugsource-2.0.90-6.el9_1.i686.rpmLinux
(RHSA-2023:1068) libjpeg-turbo security update libjpeg-turbo-debugsource-2.0.90-6.el9_1.x86_64.rpmLinux
(RHSA-2023:1068) libjpeg-turbo security update libjpeg-turbo-devel-2.0.90-6.el9_1.i686.rpmLinux
(RHSA-2023:1068) libjpeg-turbo security update libjpeg-turbo-devel-2.0.90-6.el9_1.x86_64.rpmLinux
(RHSA-2023:1068) libjpeg-turbo security update libjpeg-turbo-utils-2.0.90-6.el9_1.x86_64.rpmLinux
Libjpeg-turbo update (ELSA-2023-1068) libjpeg-turbo-2.0.90-6.el9_1.i686.rpmLinux
Libjpeg-turbo update (ELSA-2023-1068) libjpeg-turbo-2.0.90-6.el9_1.x86_64.rpmLinux
Libjpeg-turbo-devel update (ELSA-2023-1068) libjpeg-turbo-devel-2.0.90-6.el9_1.i686.rpmLinux
Libjpeg-turbo-devel update (ELSA-2023-1068) libjpeg-turbo-devel-2.0.90-6.el9_1.x86_64.rpmLinux
Libjpeg-turbo-utils update (ELSA-2023-1068) libjpeg-turbo-utils-2.0.90-6.el9_1.x86_64.rpmLinux
libjpeg-turbo security update (RLSA-2023:1068) libjpeg-turbo-2.0.90-6.el9_1.i686.rpmLinux
libjpeg-turbo security update (RLSA-2023:1068) libjpeg-turbo-2.0.90-6.el9_1.x86_64.rpmLinux
libjpeg-turbo security update (RLSA-2023:1068) libjpeg-turbo-devel-2.0.90-6.el9_1.i686.rpmLinux
libjpeg-turbo security update (RLSA-2023:1068) libjpeg-turbo-devel-2.0.90-6.el9_1.x86_64.rpmLinux
libjpeg-turbo security update (RLSA-2023:1068) libjpeg-turbo-utils-2.0.90-6.el9_1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234