CVE-2020-14152

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions IJG JPEG (aka libjpeg) versions prior to 9d

Description The issue is related to the jpeg mem available() function in jmemnobs.c in djpeg, which does not honor the max memory to use setting, possibly causing excessive memory consumption. This could allow a remote attacker to disclose protected information or cause a denial of service.

Recommendations For versions prior to 9d, update to version 9d or later to resolve the issue. As a temporary workaround, consider restricting the use of the jpeg mem available() function in djpeg to minimize the risk of exploitation.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

AZL-45315

BDU:2020-03268

CVE-2020-14152

DLA-2302-1

GHSA-G4M4-9Q4C-MFW6

USN-5336-1

USN-5497-1

USN-5497-2

USN-5553-1

Affected Products

Ubuntu

Libjpeg

CVE-2020-14152

Weakness Enumeration

Related Identifiers

Affected Products

References · 41