Information on source package libjpeg-turbo

Available versions

ReleaseVersion
jessie1:1.3.1-12+deb8u3
stretch1:1.5.1-2+deb9u3
stretch (security)1:1.5.1-2+deb9u2
buster1:1.5.2-2+deb10u1
bullseye1:2.0.6-4
bookworm1:2.1.5-2
trixie1:2.1.5-3
sid1:2.1.5-3

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2021-46822vulnerable (no DSA)fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...
CVE-2020-35538vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedA crafted input file could cause a null pointer dereference in jcopy_s ...
CVE-2019-2201vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedIn generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2020-17541vulnerablevulnerablevulnerablefixedfixedfixedfixedLibjpeg-turbo all version have a stack-based buffer overflow in the "t ...
CVE-2018-11813vulnerablevulnerablevulnerablefixedfixedfixedfixedlibjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...
CVE-2017-15232vulnerablevulnerablevulnerablefixedfixedfixedfixedlibjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...

Resolved issues

BugDescription
CVE-2023-2804A heap-based buffer overflow issue was discovered in libjpeg-turbo in ...
CVE-2021-29390libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 byte ...
CVE-2021-20205Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of ...
CVE-2021-0384
CVE-2020-14153In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an o ...
CVE-2020-14152In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...
CVE-2020-13790libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...
CVE-2018-20330The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflo ...
CVE-2018-19664libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel ...
CVE-2018-14498get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...
CVE-2018-11214An issue was discovered in libjpeg 9a. The get_text_rgb_row function i ...
CVE-2018-11213An issue was discovered in libjpeg 9a. The get_text_gray_row function ...
CVE-2018-11212An issue was discovered in libjpeg 9a and 9d. The alloc_sarray functio ...
CVE-2018-1152libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...
CVE-2016-6702A remote code execution vulnerability in libjpeg in Android 4.x before ...
CVE-2016-3616The cjpeg utility in libjpeg allows remote attackers to cause a denial ...
CVE-2014-9092libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial o ...
CVE-2013-6630The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as ...
CVE-2013-6629The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-t ...
CVE-2012-2806Heap-based buffer overflow in the get_sos function in jdmarker.c in li ...

Security announcements

DSA / DLADescription
ELA-639-1libjpeg-turbo - security update
DLA-3037-1libjpeg-turbo - security update
ELA-276-1libjpeg-turbo - security update
DLA-2302-1libjpeg-turbo - security update
DLA-1719-1libjpeg-turbo - security update
DLA-1638-1libjpeg-turbo - security update

Search for package or bug name: Reporting problems