CVE-2021-20205

Name
CVE-2021-20205
Description
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1937385
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.90:*:*:*:*:*:*:* libjpeg-turbo == None == 2.0.90

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libjpeg-turbo 3.13-main 2.1.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libjpeg-turbo 3.12-main 2.1.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libjpeg-turbo 3.14-main 2.1.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed