Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2020-14153

Published: 15 June 2020

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

Notes

AuthorNote
mdeslaur
patch in libjpeg9 9d appears to be:
-      entropy->ac_cur_tbls[blkn] = entropy->ac_derived_tbls[compptr->ac_tbl_no];
+      entropy->ac_cur_tbls[blkn] =	/* AC needs no table when not present */
+	cinfo->lim_Se ? entropy->ac_derived_tbls[compptr->ac_tbl_no] : NULL;

per upstream libjpeg-turbo bug, libjpeg-turbo is not vulnerable
to this issue
ccdm94
due to the same reasoning provided by the libjpeg-turbo upstream in issue
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445, it is safe to
assume that libjpeg6b is also not vulnerable to this.

Priority

Low

Cvss 3 Severity Score

7.1

Score breakdown

Status

Package Release Status
libjpeg6b
Launchpad, Ubuntu, Debian
trusty Not vulnerable

impish Not vulnerable

bionic Not vulnerable

focal Not vulnerable

hirsute Ignored
(end of life)
xenial Needed

jammy Not vulnerable

upstream Not vulnerable

lunar Not vulnerable

eoan Ignored
(end of life)
groovy Ignored
(end of life)
kinetic Not vulnerable

mantic Not vulnerable

libjpeg-turbo
Launchpad, Ubuntu, Debian
impish Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

upstream Not vulnerable

bionic Not vulnerable

focal Not vulnerable

trusty Not vulnerable

xenial Not vulnerable

jammy Not vulnerable

lunar Not vulnerable

eoan Ignored
(end of life)
kinetic Not vulnerable

mantic Not vulnerable

libjpeg9
Launchpad, Ubuntu, Debian
bionic Needed

hirsute Not vulnerable
(1:9d-1)
xenial
Released (1:9b-1ubuntu1+esm1)
Available with Ubuntu Pro
jammy Not vulnerable
(1:9d-1)
lunar Not vulnerable
(1:9d-1)
eoan Ignored
(end of life)
focal Not vulnerable
(1:9d-1)
groovy Not vulnerable
(1:9d-1)
impish Not vulnerable
(1:9d-1)
kinetic Not vulnerable
(1:9d-1)
trusty Does not exist

upstream
Released (9d)
mantic Not vulnerable
(1:9d-1)

Severity score breakdown

Parameter Value
Base score 7.1
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H