CVE-2020-14152

Priority
Description
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in
djpeg does not honor the max_memory_to_use setting, possibly causing
excessive memory consumption.
Notes
mdeslaurlooks like this was fixed a long time ago in libjpeg-turbo
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.5.2-0ubuntu5.18.04.4)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (2.0.3-0ubuntu1.20.04.1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (2.0.3-0ubuntu2)
Patches:
Upstream:https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:released (9d)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):not-affected (1:9d-1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (1:9d-1)
More Information

Updated: 2020-09-09 23:35:24 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)