CVE-2020-17541

Published: 6/1/2021 Last updated: 8/4/2024 Reserved: 8/13/2020

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

conf-gd conf-libjpeg grib

Products affected (2)

Product	Vendor	Version
n/a	n/a	< bdfddcde86e8b9245d9c0c2efe2b6fe8dcf6bf41
n/a	n/a	< *

References (8)

https://cwe.mitre.org/data/definitions/121.html
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
https://cwe.mitre.org/data/definitions/121.html
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
https://cwe.mitre.org/data/definitions/121.html
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
https://cwe.mitre.org/data/definitions/121.html
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392