CVE-2020-14153: In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

Bug 727908 (CVE-2020-14151, CVE-2020-14152, CVE-2020-14153) - <media-libs/jpeg-9d: Multiple vulnerabilities (CVE-2020-{14151,14152,14153})

Summary: <media-libs/jpeg-9d: Multiple vulnerabilities (CVE-2020-{14151,14152,14153})
Status: RESOLVED FIXED
Alias: CVE-2020-14151, CVE-2020-14152, CVE-2020-14153
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Reported: 2020-06-11 04:42 UTC by Sam James
Modified: 2020-07-27 20:39 UTC
CC List: 1 user
See Also: https://github.com/gentoo/gentoo/pull/16183
Package list: =media-libs/jpeg-9d
Runtime testing required: —
Flags: nattka: sanity-check+
Related news
Ubuntu Security Notice 5553-1 - It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM.
Ubuntu Security Notice 5497-1 - It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service.