Download
| Alert*
|
oval:org.secpod.oval:def:1900060
libturbojpeg 2.0.1 has a heap-based buffer over-read in the put_pixel_rowsfunction in wrbmp.c, as demonstrated by djpeg. oval:org.secpod.oval:def:701897 libturbojpeg is installed oval:org.secpod.oval:def:1900082 The tjLoadImage function in libturbojpeg 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated bytjbench. oval:org.secpod.oval:def:1901720 get_8bit_row in rdbmp.c in libturbojpeg through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. oval:org.secpod.oval:def:701521 libjpeg-turbo: library for handling JPEG files - libjpeg6b: library for handling JPEG files libjpeg and libjpeg-turbo could be made to expose sensitive information. |
