Vulnerabilities (CVE)

Filtered by vendor Jpeg Subscribe
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37837 1 Jpeg 1 Libjpeg 2024-11-21 N/A 6.5 MEDIUM
libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2023-37836 1 Jpeg 1 Libjpeg 2024-11-21 N/A 6.5 MEDIUM
libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2022-37770 1 Jpeg 1 Libjpeg 2024-11-21 N/A 6.5 MEDIUM
libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2022-37769 1 Jpeg 1 Libjpeg 2024-11-21 N/A 6.5 MEDIUM
libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2022-37768 1 Jpeg 1 Libjpeg 2024-11-21 N/A 7.5 HIGH
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.
CVE-2022-35166 1 Jpeg 1 Libjpeg 2024-11-21 N/A 5.5 MEDIUM
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.
CVE-2022-32978 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.
CVE-2022-31796 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.
CVE-2021-39520 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.
CVE-2021-39519 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service.
CVE-2021-39518 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow.
CVE-2021-39517 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.
CVE-2021-39516 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service.
CVE-2021-39515 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU() located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service.
CVE-2021-39514 1 Jpeg 1 Libjpeg 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service.
CVE-2021-28026 1 Jpeg 1 Jpeg-xl 2024-11-21 6.8 MEDIUM 7.8 HIGH
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.