CVE-2020-13790 (GCVE-0-2020-13790)
Vulnerability from cvelistv5 – Published: 2020-06-03 18:56 – Updated: 2024-08-04 12:25- n/a
| URL | Tags |
|---|---|
| https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 | x_refsource_MISC |
| https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a | x_refsource_MISC |
| https://usn.ubuntu.com/4386-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html | mailing-list, x_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html | vendor-advisory, x_refsource_SUSE |
| https://security.gentoo.org/glsa/202010-03 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"name": "USN-4386-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4386-1/"
},
{
"name": "FEDORA-2020-f09ecf5985",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/"
},
{
"name": "FEDORA-2020-86fa578c8d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/"
},
{
"name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"name": "openSUSE-SU-2020:1413",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1458",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
},
{
"name": "GLSA-202010-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202010-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T12:06:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"name": "USN-4386-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4386-1/"
},
{
"name": "FEDORA-2020-f09ecf5985",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/"
},
{
"name": "FEDORA-2020-86fa578c8d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/"
},
{
"name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"name": "openSUSE-SU-2020:1413",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1458",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
},
{
"name": "GLSA-202010-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202010-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433",
"refsource": "MISC",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a",
"refsource": "MISC",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"name": "USN-4386-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4386-1/"
},
{
"name": "FEDORA-2020-f09ecf5985",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/"
},
{
"name": "FEDORA-2020-86fa578c8d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/"
},
{
"name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"name": "openSUSE-SU-2020:1413",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1458",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
},
{
"name": "GLSA-202010-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202010-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13790",
"datePublished": "2020-06-03T18:56:05.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-13790",
"date": "2026-05-22",
"epss": "0.00416",
"percentile": "0.61861"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F91F79CC-B2C4-4D9E-99AA-5D6A49D41561\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:mozjpeg:4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA6BBD46-8949-4596-9C32-4593916A6D10\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.\"}, {\"lang\": \"es\", \"value\": \"libjpeg-turbo versi\\u00f3n 2.0.4, y mozjpeg versi\\u00f3n 4.0.0, presenta una lectura excesiva del b\\u00fafer en la regi\\u00f3n heap de la memoria en la funci\\u00f3n get_rgb_row() en el archivo rdppm.c por medio de un archivo de entrada PPM malformado.\"}]",
"id": "CVE-2020-13790",
"lastModified": "2024-11-21T05:01:51.687",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-06-03T19:15:10.817",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202010-03\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4386-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": 
\"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202010-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4386-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-13790\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-03T19:15:10.817\",\"lastModified\":\"2024-11-21T05:01:51.687\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.\"},{\"lang\":\"es\",\"value\":\"libjpeg-turbo versi\u00f3n 2.0.4, y mozjpeg versi\u00f3n 4.0.0, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n get_rgb_row() en el archivo rdppm.c por medio de un archivo de entrada PPM malformado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"v
ulnerable\":true,\"criteria\":\"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F91F79CC-B2C4-4D9E-99AA-5D6A49D41561\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozjpeg:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA6BBD46-8949-4596-9C32-4593916A6D10\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202010-03\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4386-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202010-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4386-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2025-AVI-0530
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.0.x antérieures à 6.2.0.5 |
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP12 IF02 |
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.0.x antérieures à 6.2.0.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling File Gateway versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP12 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-33117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33117"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2025-33121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33121"
},
{
"name": "CVE-2020-13790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13790"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2025-36050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36050"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0530",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237159",
"url": "https://www.ibm.com/support/pages/node/7237159"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237316",
"url": "https://www.ibm.com/support/pages/node/7237316"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237317",
"url": "https://www.ibm.com/support/pages/node/7237317"
}
]
}
CERTFR-2025-AVI-0530
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.0.x antérieures à 6.2.0.5 |
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP12 IF02 |
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.0.x antérieures à 6.2.0.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling File Gateway versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP12 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-33117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33117"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2025-33121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33121"
},
{
"name": "CVE-2020-13790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13790"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2025-36050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36050"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0530",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237159",
"url": "https://www.ibm.com/support/pages/node/7237159"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237316",
"url": "https://www.ibm.com/support/pages/node/7237316"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237317",
"url": "https://www.ibm.com/support/pages/node/7237317"
}
]
}
alsa-2025:7540
Vulnerability from osv_almalinux
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.
Security Fix(es):
- libjpeg-turbo: heap-based buffer over-read in get_rgb_row() in rdppm.c (CVE-2020-13790)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libjpeg-turbo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.3-14.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libjpeg-turbo-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.3-14.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libjpeg-turbo-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.3-14.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "turbojpeg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.3-14.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "turbojpeg-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.3-14.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. \n\nSecurity Fix(es): \n\n * libjpeg-turbo: heap-based buffer over-read in get_rgb_row() in rdppm.c (CVE-2020-13790)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:7540",
"modified": "2025-06-10T19:29:07Z",
"published": "2025-05-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:7540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2020-13790"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1847155"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-7540.html"
}
],
"related": [
"CVE-2020-13790"
],
"summary": "Moderate: libjpeg-turbo security update"
}
BDU:2021-01352
Vulnerability from fstec - Published: 14.06.2020
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, Independent JPEG Group, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12.04 (Ubuntu), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 19.10 (Ubuntu), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 32 (Fedora), 20.04 LTS (Ubuntu), \u0434\u043e 2.0.4 (libjpeg-turbo), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 2.1 (ROSA Virtualization), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/\t\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4386-1\n\n\u0414\u043b\u044f libjpeg-turbo:\nhttps://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2020-13790\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libjpeg-turbo \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:1.5.2-2+deb10u1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libjpeg-turbo-pantum \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.1.2-0ubuntu1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 
\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libjpeg-turbo \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:1.5.1-2+deb9u2\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2890\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2880",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.03.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01352",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-13790",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora, libjpeg-turbo, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 
(\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 12.04 32-bit, Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Canonical Ltd. 
Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 19.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 32 , Canonical Ltd. 
Ubuntu 20.04 LTS , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.5 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 start_input_ppm \u0438\u0437 rdppm.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 libjpeg-turbo, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 start_input_ppm \u0438\u0437 rdppm.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 libjpeg-turbo \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a\nhttps://github.com/libjpeg-turbo/libjpeg-turbo/issues/433\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13790\nhttps://security-tracker.debian.org/tracker/CVE-2020-13790\nhttps://ubuntu.com/security/notices/USN-4386-1\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2890\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2880",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
CNVD-2021-31261
Vulnerability from cnvd - Published: 2021-04-27

厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
| Name | ['libjpeg-turbo libjpeg-turbo 2.0.4', 'libjpeg-turbo mozjpeg 4.0.0'] |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-13790"
}
},
"description": "libjpeg\u662f\u4e00\u6b3e\u7528\u4e8e\u5904\u7406JPEG\u683c\u5f0f\u56fe\u50cf\u6570\u636e\u7684C\u8bed\u8a00\u5e93\u3002\u8be5\u4ea7\u54c1\u5305\u62ecJPEG\u89e3\u7801\u3001JPEG\u7f16\u7801\u548c\u5176\u4ed6JPEG\u529f\u80fd\u3002libjpeg-turbo\u662flibjpeg\u7684\u4e00\u4e2a\u4f18\u5316\u6539\u8fdb\u7248\u672c\u3002\n\nlibjpeg-turbo 2.0.4\u7248\u672c\u548cmozjpeg 4.0.0\u7248\u672c\u4e2d\u7684rdppm.c\u6587\u4ef6\u7684\u2018get_rgb_row\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236PPM\u8f93\u5165\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff08\u62d2\u7edd\u670d\u52a1\uff09\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-31261",
"openTime": "2021-04-27",
"patchDescription": "libjpeg\u662f\u4e00\u6b3e\u7528\u4e8e\u5904\u7406JPEG\u683c\u5f0f\u56fe\u50cf\u6570\u636e\u7684C\u8bed\u8a00\u5e93\u3002\u8be5\u4ea7\u54c1\u5305\u62ecJPEG\u89e3\u7801\u3001JPEG\u7f16\u7801\u548c\u5176\u4ed6JPEG\u529f\u80fd\u3002libjpeg-turbo\u662flibjpeg\u7684\u4e00\u4e2a\u4f18\u5316\u6539\u8fdb\u7248\u672c\u3002\r\n\r\nlibjpeg-turbo 2.0.4\u7248\u672c\u548cmozjpeg 4.0.0\u7248\u672c\u4e2d\u7684rdppm.c\u6587\u4ef6\u7684\u2018get_rgb_row\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236PPM\u8f93\u5165\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff08\u62d2\u7edd\u670d\u52a1\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libjpeg-turbo\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"libjpeg-turbo libjpeg-turbo 2.0.4",
"libjpeg-turbo mozjpeg 4.0.0"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790",
"serverity": "\u4e2d",
"submitTime": "2020-06-04",
"title": "libjpeg-turbo\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2020-13790
Vulnerability from fkie_nvd - Published: 2020-06-03 19:15 - Updated: 2024-11-21 05:01

| Vendor | Product | Version | |
|---|---|---|---|
| libjpeg-turbo | libjpeg-turbo | 2.0.4 | |
| mozilla | mozjpeg | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F91F79CC-B2C4-4D9E-99AA-5D6A49D41561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozjpeg:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6BBD46-8949-4596-9C32-4593916A6D10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file."
},
{
"lang": "es",
"value": "libjpeg-turbo versi\u00f3n 2.0.4, y mozjpeg versi\u00f3n 4.0.0, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n get_rgb_row() en el archivo rdppm.c por medio de un archivo de entrada PPM malformado."
}
],
"id": "CVE-2020-13790",
"lastModified": "2024-11-21T05:01:51.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T19:15:10.817",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202010-03"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4386-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202010-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4386-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3RGW-2FPG-85MQ
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
{
"affected": [],
"aliases": [
"CVE-2020-13790"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-03T19:15:00Z",
"severity": "MODERATE"
},
"details": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",
"id": "GHSA-3rgw-2fpg-85mq",
"modified": "2022-05-24T17:19:03Z",
"published": "2022-05-24T17:19:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790"
},
{
"type": "WEB",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"type": "WEB",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202010-03"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4386-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-13790
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2020-13790",
"description": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",
"id": "GSD-2020-13790",
"references": [
"https://www.suse.com/security/cve/CVE-2020-13790.html",
"https://ubuntu.com/security/CVE-2020-13790",
"https://advisories.mageia.org/CVE-2020-13790.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-13790"
],
"details": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",
"id": "GSD-2020-13790",
"modified": "2023-12-13T01:21:46.892543Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433",
"refsource": "MISC",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a",
"refsource": "MISC",
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"name": "USN-4386-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4386-1/"
},
{
"name": "FEDORA-2020-f09ecf5985",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/"
},
{
"name": "FEDORA-2020-86fa578c8d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/"
},
{
"name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"name": "openSUSE-SU-2020:1413",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1458",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
},
{
"name": "GLSA-202010-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202010-03"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=2.0.4",
"affected_versions": "Version 2.0.4",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-937"
],
"date": "2020-10-20",
"description": "libjpeg-turbo has a heap-based buffer over-read in `get_rgb_row()` in `rdppm.c` via a malformed PPM input file.",
"fixed_versions": [
"2.0.5"
],
"identifier": "CVE-2020-13790",
"identifiers": [
"CVE-2020-13790"
],
"not_impacted": "All versions before 2.0.4, all versions after 2.0.4",
"package_slug": "conan/libjpeg-turbo",
"pubdate": "2020-06-03",
"solution": "Upgrade to version 2.0.5 or above.",
"title": "Out-of-bounds Read",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13790"
],
"uuid": "5a19ff7e-820f-4377-88ec-1d6bdb1ebd80"
},
{
"affected_range": "=4.0.0",
"affected_versions": "Version 4.0.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-125",
"CWE-937"
],
"date": "2020-10-20",
"description": "mozjpeg has a heap-based buffer over-read in `get_rgb_row()` in `rdppm.c` via a malformed PPM input file.",
"fixed_versions": [],
"identifier": "CVE-2020-13790",
"identifiers": [
"CVE-2020-13790"
],
"not_impacted": "",
"package_slug": "conan/mozjpeg",
"pubdate": "2020-06-03",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Out-of-bounds Read",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-13790"
],
"uuid": "e0b4cfed-41c9-4459-8c7d-982d982a21af"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:mozjpeg:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13790"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433"
},
{
"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a"
},
{
"name": "USN-4386-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4386-1/"
},
{
"name": "FEDORA-2020-f09ecf5985",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4D6KNUY7YANSPH7SVQ44PJKSABFKAUB/"
},
{
"name": "FEDORA-2020-86fa578c8d",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6563YHSVZK24MPJXGJVK3CQG7JVWZGK/"
},
{
"name": "[debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"
},
{
"name": "openSUSE-SU-2020:1413",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1458",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00062.html"
},
{
"name": "GLSA-202010-03",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202010-03"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2020-10-20T13:15Z",
"publishedDate": "2020-06-03T19:15Z"
}
}
}
OPENSUSE-SU-2020:1413-1
Vulnerability from csaf_opensuse - Published: 2020-09-11 14:25 - Updated: 2020-09-11 14:25

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libjpeg-turbo",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libjpeg-turbo fixes the following issues:\n\n- CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1413",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1413-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1413-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/52QOQYR4PVDHN5TNNBKZFP3AO4TWOOJE/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1413-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/52QOQYR4PVDHN5TNNBKZFP3AO4TWOOJE/"
},
{
"category": "self",
"summary": "SUSE Bug 1172491",
"url": "https://bugzilla.suse.com/1172491"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13790 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13790/"
}
],
"title": "Security update for libjpeg-turbo",
"tracking": {
"current_release_date": "2020-09-11T14:25:03Z",
"generator": {
"date": "2020-09-11T14:25:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1413-1",
"initial_release_date": "2020-09-11T14:25:03Z",
"revision_history": [
{
"date": "2020-09-11T14:25:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libjpeg-turbo-1.5.3-lp151.6.6.1.i586",
"product": {
"name": "libjpeg-turbo-1.5.3-lp151.6.6.1.i586",
"product_id": "libjpeg-turbo-1.5.3-lp151.6.6.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg62-62.2.0-lp151.6.6.1.i586",
"product": {
"name": "libjpeg62-62.2.0-lp151.6.6.1.i586",
"product_id": "libjpeg62-62.2.0-lp151.6.6.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg62-devel-62.2.0-lp151.6.6.1.i586",
"product": {
"name": "libjpeg62-devel-62.2.0-lp151.6.6.1.i586",
"product_id": "libjpeg62-devel-62.2.0-lp151.6.6.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg62-turbo-1.5.3-lp151.6.6.1.i586",
"product": {
"name": "libjpeg62-turbo-1.5.3-lp151.6.6.1.i586",
"product_id": "libjpeg62-turbo-1.5.3-lp151.6.6.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg8-8.1.2-lp151.6.6.1.i586",
"product": {
"name": "libjpeg8-8.1.2-lp151.6.6.1.i586",
"product_id": "libjpeg8-8.1.2-lp151.6.6.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg8-devel-8.1.2-lp151.6.6.1.i586",
"product": {
"name": "libjpeg8-devel-8.1.2-lp151.6.6.1.i586",
"product_id": "libjpeg8-devel-8.1.2-lp151.6.6.1.i586"
}
},
{
"category": "product_version",
"name": "libturbojpeg0-8.1.2-lp151.6.6.1.i586",
"product": {
"name": "libturbojpeg0-8.1.2-lp151.6.6.1.i586",
"product_id": "libturbojpeg0-8.1.2-lp151.6.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64",
"product_id": "libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-62.2.0-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg62-62.2.0-lp151.6.6.1.x86_64",
"product_id": "libjpeg62-62.2.0-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64",
"product_id": "libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64",
"product_id": "libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64",
"product_id": "libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64",
"product_id": "libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-8.1.2-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg8-8.1.2-lp151.6.6.1.x86_64",
"product_id": "libjpeg8-8.1.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64",
"product_id": "libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64",
"product_id": "libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64",
"product": {
"name": "libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64",
"product_id": "libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libturbojpeg0-8.1.2-lp151.6.6.1.x86_64",
"product": {
"name": "libturbojpeg0-8.1.2-lp151.6.6.1.x86_64",
"product_id": "libturbojpeg0-8.1.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64",
"product": {
"name": "libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64",
"product_id": "libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg-turbo-1.5.3-lp151.6.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.i586"
},
"product_reference": "libjpeg-turbo-1.5.3-lp151.6.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-62.2.0-lp151.6.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.i586"
},
"product_reference": "libjpeg62-62.2.0-lp151.6.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-62.2.0-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg62-62.2.0-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-devel-62.2.0-lp151.6.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.i586"
},
"product_reference": "libjpeg62-devel-62.2.0-lp151.6.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-turbo-1.5.3-lp151.6.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.i586"
},
"product_reference": "libjpeg62-turbo-1.5.3-lp151.6.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-8.1.2-lp151.6.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.i586"
},
"product_reference": "libjpeg8-8.1.2-lp151.6.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-8.1.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg8-8.1.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-devel-8.1.2-lp151.6.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.i586"
},
"product_reference": "libjpeg8-devel-8.1.2-lp151.6.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64"
},
"product_reference": "libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libturbojpeg0-8.1.2-lp151.6.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.i586"
},
"product_reference": "libturbojpeg0-8.1.2-lp151.6.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libturbojpeg0-8.1.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.x86_64"
},
"product_reference": "libturbojpeg0-8.1.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64"
},
"product_reference": "libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13790"
}
],
"notes": [
{
"category": "general",
"text": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13790",
"url": "https://www.suse.com/security/cve/CVE-2020-13790"
},
{
"category": "external",
"summary": "SUSE Bug 1172491 for CVE-2020-13790",
"url": "https://bugzilla.suse.com/1172491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg-turbo-1.5.3-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-32bit-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-devel-32bit-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-devel-62.2.0-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg62-turbo-1.5.3-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg8-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-devel-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libjpeg8-devel-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libturbojpeg0-32bit-8.1.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.i586",
"openSUSE Leap 15.1:libturbojpeg0-8.1.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-11T14:25:03Z",
"details": "moderate"
}
],
"title": "CVE-2020-13790"
}
]
}
OPENSUSE-SU-2020:1458-1
Vulnerability from csaf_opensuse - Published: 2020-09-19 12:21 - Updated: 2020-09-19 12:21

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libjpeg-turbo",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libjpeg-turbo fixes the following issues:\n\n- CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1458",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1458-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1458-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKR5P4LZGKKVQJWLSSC2P3H2MGGEO5I4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1458-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKR5P4LZGKKVQJWLSSC2P3H2MGGEO5I4/"
},
{
"category": "self",
"summary": "SUSE Bug 1172491",
"url": "https://bugzilla.suse.com/1172491"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13790 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13790/"
}
],
"title": "Security update for libjpeg-turbo",
"tracking": {
"current_release_date": "2020-09-19T12:21:27Z",
"generator": {
"date": "2020-09-19T12:21:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1458-1",
"initial_release_date": "2020-09-19T12:21:27Z",
"revision_history": [
{
"date": "2020-09-19T12:21:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libjpeg-turbo-1.5.3-lp152.8.3.1.i586",
"product": {
"name": "libjpeg-turbo-1.5.3-lp152.8.3.1.i586",
"product_id": "libjpeg-turbo-1.5.3-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg62-62.2.0-lp152.8.3.1.i586",
"product": {
"name": "libjpeg62-62.2.0-lp152.8.3.1.i586",
"product_id": "libjpeg62-62.2.0-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg62-devel-62.2.0-lp152.8.3.1.i586",
"product": {
"name": "libjpeg62-devel-62.2.0-lp152.8.3.1.i586",
"product_id": "libjpeg62-devel-62.2.0-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg62-turbo-1.5.3-lp152.8.3.1.i586",
"product": {
"name": "libjpeg62-turbo-1.5.3-lp152.8.3.1.i586",
"product_id": "libjpeg62-turbo-1.5.3-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg8-8.1.2-lp152.8.3.1.i586",
"product": {
"name": "libjpeg8-8.1.2-lp152.8.3.1.i586",
"product_id": "libjpeg8-8.1.2-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libjpeg8-devel-8.1.2-lp152.8.3.1.i586",
"product": {
"name": "libjpeg8-devel-8.1.2-lp152.8.3.1.i586",
"product_id": "libjpeg8-devel-8.1.2-lp152.8.3.1.i586"
}
},
{
"category": "product_version",
"name": "libturbojpeg0-8.1.2-lp152.8.3.1.i586",
"product": {
"name": "libturbojpeg0-8.1.2-lp152.8.3.1.i586",
"product_id": "libturbojpeg0-8.1.2-lp152.8.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64",
"product_id": "libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-62.2.0-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg62-62.2.0-lp152.8.3.1.x86_64",
"product_id": "libjpeg62-62.2.0-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64",
"product_id": "libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64",
"product_id": "libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64",
"product_id": "libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64",
"product_id": "libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-8.1.2-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg8-8.1.2-lp152.8.3.1.x86_64",
"product_id": "libjpeg8-8.1.2-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64",
"product_id": "libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64",
"product_id": "libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64",
"product": {
"name": "libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64",
"product_id": "libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libturbojpeg0-8.1.2-lp152.8.3.1.x86_64",
"product": {
"name": "libturbojpeg0-8.1.2-lp152.8.3.1.x86_64",
"product_id": "libturbojpeg0-8.1.2-lp152.8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64",
"product": {
"name": "libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64",
"product_id": "libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg-turbo-1.5.3-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.i586"
},
"product_reference": "libjpeg-turbo-1.5.3-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-62.2.0-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.i586"
},
"product_reference": "libjpeg62-62.2.0-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-62.2.0-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg62-62.2.0-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-devel-62.2.0-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.i586"
},
"product_reference": "libjpeg62-devel-62.2.0-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-turbo-1.5.3-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.i586"
},
"product_reference": "libjpeg62-turbo-1.5.3-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-8.1.2-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.i586"
},
"product_reference": "libjpeg8-8.1.2-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-8.1.2-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg8-8.1.2-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-devel-8.1.2-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.i586"
},
"product_reference": "libjpeg8-devel-8.1.2-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64"
},
"product_reference": "libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libturbojpeg0-8.1.2-lp152.8.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.i586"
},
"product_reference": "libturbojpeg0-8.1.2-lp152.8.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libturbojpeg0-8.1.2-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.x86_64"
},
"product_reference": "libturbojpeg0-8.1.2-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64"
},
"product_reference": "libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13790"
}
],
"notes": [
{
"category": "general",
"text": "libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13790",
"url": "https://www.suse.com/security/cve/CVE-2020-13790"
},
{
"category": "external",
"summary": "SUSE Bug 1172491 for CVE-2020-13790",
"url": "https://bugzilla.suse.com/1172491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg-turbo-1.5.3-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-32bit-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-devel-32bit-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-devel-62.2.0-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg62-turbo-1.5.3-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg8-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-devel-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libjpeg8-devel-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libturbojpeg0-32bit-8.1.2-lp152.8.3.1.x86_64",
"openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.i586",
"openSUSE Leap 15.2:libturbojpeg0-8.1.2-lp152.8.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-19T12:21:27Z",
"details": "moderate"
}
],
"title": "CVE-2020-13790"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.