PT-2018-15313 · Libjpeg Turbo+1 · Libjpeg-Turbo+1

Vector1Iuo

Published: 2018-12-21 · Updated: 2024-06-15 · CVE-2018-20330

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libjpeg-turbo version 2.0.1

Description: An integer overflow in the tjLoadImage function can lead to a heap-based buffer overflow. It occurs when processing a BMP image, because the multiplication of pitch and height is mishandled. This has been demonstrated using tjbench.

Recommendations: For libjpeg-turbo version 2.0.1, consider restricting the use of the tjLoadImage function until a patch is available, especially when handling BMP images. As a temporary workaround, avoid using this function with potentially malicious or untrusted image sources to minimize the risk of exploitation.
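The guard a caller or wrapper can place in front of an image-buffer allocation so that pitch times height cannot wrap, shown as an added example; it is not libjpeg-turbo's code. The function names, the row-padding formula and the caller-supplied byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper: compute pitch = width * pixel_size rounded up to
 * `align` (a power of two), then pitch * height, refusing any step whose
 * result would exceed `limit` bytes. Returns 0 and sets *out on success. */
int checked_image_size(int width, int height, int pixel_size, int align,
                       size_t limit, size_t *out)
{
    if (width <= 0 || height <= 0 || pixel_size <= 0 || align <= 0 ||
        (align & (align - 1)) != 0)
        return -1;

    size_t w = (size_t)width, h = (size_t)height;
    size_t ps = (size_t)pixel_size, a = (size_t)align;

    if (a - 1 > limit || w > limit / ps)     /* width * pixel_size */
        return -1;
    size_t row = w * ps;
    if (row > limit - (a - 1))               /* padding addition */
        return -1;
    size_t pitch = (row + a - 1) & ~(a - 1);
    if (pitch > limit / h)                   /* pitch * height */
        return -1;
    *out = pitch * h;
    return 0;
}

/* What the same arithmetic yields with no checks in 32-bit math.
 * Unsigned types are used so the wrapped value is well defined. */
uint32_t wrapped_image_size_32(int width, int height, int pixel_size,
                               int align)
{
    uint32_t a = (uint32_t)align;
    uint32_t pitch = ((uint32_t)width * (uint32_t)pixel_size + a - 1)
                     & ~(a - 1);
    return pitch * (uint32_t)height;
}

/* Allocate only when the checked size fits under the caller's limit. */
unsigned char *alloc_image(int width, int height, int pixel_size, int align,
                           size_t limit)
{
    size_t n;
    if (checked_image_size(width, height, pixel_size, align, limit, &n) != 0)
        return NULL;
    return malloc(n);
}
```

With constructed dimensions of 65536 x 65536 at 4 bytes per pixel, the unchecked 32-bit product wraps to 0, so an allocation sized from it would be far smaller than the image data written into it; the checked path rejects the same input.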

Fix

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2018-20330
OPENSUSE-SU-2024:10952-1
USN-4190-1

Affected Products

Ubuntu
Libjpeg-Turbo