Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 30 results


CVE-2021-29390

Medium priority
Not affected

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.

3 affected packages

libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-2804

Medium priority
Not affected

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the...

3 affected packages

libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg-turbo Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-37770

Low priority
Needs evaluation

libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-37769

Low priority
Needs evaluation

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-37768

Low priority
Needs evaluation

libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-35166

Low priority
Needs evaluation

libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-32978

Low priority
Needs evaluation

There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Needs evaluation Needs evaluation Needs evaluation
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-32202

Medium priority
Vulnerable

In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Needs evaluation Vulnerable Vulnerable
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-32201

Medium priority
Vulnerable

In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Needs evaluation Vulnerable Vulnerable
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-31796

Low priority
Vulnerable

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

4 affected packages

libjpeg, libjpeg-turbo, libjpeg6b, libjpeg9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libjpeg Vulnerable Vulnerable Vulnerable
libjpeg-turbo Not affected Not affected Not affected Not affected Not affected
libjpeg6b Not affected Not affected Not affected Not affected Not affected
libjpeg9 Not affected Not affected Not affected Not affected Not affected
Show less packages