CVE-2020-35538

Name
CVE-2020-35538
Description
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30
MISC https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:* libjpeg-turbo >= 2.0.5 <= None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libjpeg-turbo 3.16-main 2.1.3-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libjpeg-turbo 3.15-main 2.1.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libjpeg-turbo 3.14-main 2.1.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libjpeg-turbo 3.13-main 2.1.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libjpeg-turbo 3.17-main 2.1.4-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libjpeg-turbo edge-main 2.1.5.1-r1 Natanael Copa <ncopa@alpinelinux.org> fixed