PT-2018-15313 · Libjpeg Turbo+1 · Libjpeg-Turbo+1

Vector1Iuo

Published: 2018-12-21 · Updated: 2024-06-15 · CVE-2018-20330

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

libjpeg-turbo version 2.0.1

Description

The tjLoadImage function contains an integer overflow that can lead to a heap-based buffer overflow. The overflow occurs when a BMP image is processed, because the multiplication of pitch and height is mishandled. This has been demonstrated using tjbench.

Recommendations

For libjpeg-turbo version 2.0.1, consider restricting the use of the tjLoadImage function until a patch is available, especially when handling BMP images. As a temporary workaround, avoid using this function with potentially malicious or untrusted image sources to minimize the risk of exploitation.
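
The description attributes the heap overflow to the multiplication of pitch and height. The C code below is an added example, not libjpeg-turbo's code or its patch: it shows how such a product wraps when held in 32 bits and one way a caller can validate image dimensions before allocating. The function names, the `align` and `max_bytes` parameters, and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Low 32 bits of pitch * height: the value a 32-bit size computation ends up
   with. Done in unsigned 64-bit math so the wraparound is well defined. */
uint32_t size_as_32bit(int pitch, int height)
{
    return (uint32_t)((uint64_t)pitch * (uint64_t)height);
}

/* Hypothetical helper (not a libjpeg-turbo function): compute the padded row
   size (pitch) and the total buffer size, refusing any step that would wrap
   or exceed max_bytes. Returns 0 and stores the size in *out, or -1. */
int checked_image_size(int width, int height, int pixel_size, int align,
                       size_t max_bytes, size_t *out)
{
    if (width < 1 || height < 1 || pixel_size < 1 || align < 1 ||
        (align & (align - 1)) != 0)           /* align must be a power of 2 */
        return -1;
    size_t w = (size_t)width, h = (size_t)height;
    size_t ps = (size_t)pixel_size, a = (size_t)align;

    if (w > max_bytes / ps) return -1;        /* width * pixel_size too big */
    size_t row = w * ps;
    if (a - 1 > max_bytes - row) return -1;   /* padding would pass the cap */
    size_t pitch = (row + a - 1) & ~(a - 1);
    if (pitch > max_bytes / h) return -1;     /* pitch * height too big */
    *out = pitch * h;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: pitch 65536 * 4 = 2^18, height 2^14. */
    size_t n = 0;
    printf("32-bit product: %u\n", (unsigned)size_as_32bit(262144, 16384));
    printf("checked: %d\n",
           checked_image_size(65536, 16384, 4, 4, (size_t)1 << 28, &n));
    return 0;
}
```

With the constructed dimensions the 32-bit product is 0, so an allocation sized from it would be far smaller than the pixel data written into it, while the checked helper rejects the same image against a 256 MiB cap.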

Fix

Integer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2018-20330
OPENSUSE-SU-2024:10952-1
USN-4190-1

Affected Products

Ubuntu
Libjpeg-Turbo