libjpeg-turbo
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | JPEG image codec with accelerated baseline compression and decompression |
| Version | 3.0.4-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1671 | 2.0.6-1 | Low | Not affected | ||
| AVG-1067 | 2.0.2-1 | 2.0.3-1 | High | Fixed | |
| AVG-364 | 1.5.1-1 | 1.5.2-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-20205 | AVG-1671 | Low | No | Denial of service | Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. |
| CVE-2019-2201 | AVG-1067 | High | Yes | Arbitrary code execution | Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. |
| CVE-2017-9614 | AVG-364 | Medium | Yes | Denial of service | An out-of-bounds read vulnerability leading to denial of service has been found in libjpeg-turbo <= 1.5.1, in the fill_input_buffer function in jdatasrc.c,... |