CVE-2020-13790

Priority
Description
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read
in get_rgb_row() in rdppm.c via a malformed PPM input file.
Assigned-to
leosilva
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.1.90+svn733-0ubuntu4.6)
Ubuntu 14.04 ESM (Trusty Tahr):released (1.3.0-0ubuntu2.1+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.4.2-0ubuntu3.4)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.5.2-0ubuntu5.18.04.4)
Ubuntu 19.10 (Eoan Ermine):released (2.0.3-0ubuntu1.19.10.1)
Ubuntu 20.04 LTS (Focal Fossa):released (2.0.3-0ubuntu1.20.04.1)
Ubuntu 20.10 (Groovy Gorilla):released (2.0.3-0ubuntu2)
Patches:
Upstream:https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
More Information

Updated: 2020-06-11 15:15:05 UTC (commit 4332b8e5c41ab76b6b62a185e5cc12b9949d4df1)