« List of all CVEs

CVE-2018-20330

Published: 12/21/2018 Last updated: 8/5/2024 Reserved: 12/21/2018

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

conf-gd conf-libjpeg grib

Products affected (1)

Product Vendor Version
n/a n/a < 6.1.7601.26864

References (4)