The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < 959fe01e85b7241e3ec305d657febbe82da16a02 |