Bug 2122387 (CVE-2020-35538) - CVE-2020-35538 libjpeg-turbo: Null pointer dereference in jcopy_sample_rows() function
Summary: CVE-2020-35538 libjpeg-turbo: Null pointer dereference in jcopy_sample_rows()...
Keywords:
Status: NEW
Alias: CVE-2020-35538
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2128955 2134056 2128956 2134057 2134058
Blocks: 2122389
TreeView+ depends on / blocked
 
Reported: 2022-08-29 22:23 UTC by Pedro Sampaio
Modified: 2022-10-12 18:42 UTC (History)
24 users (show)

Fixed In Version: libjpeg-turbo 2.0.6
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in libjpeg-turbo where a segmentation fault occurs due to a NULL pointer passing to jcopy_sample_rows(). You may see this error statement: "Corrupt JPEG data: premature end of data segment". When processed by a libjpeg-turbo, a crafted input file could cause a crash, leading to a denial of service.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2022-08-29 22:23:38 UTC
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

Upstream issue:

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/441

Upstream fix:

https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30

Comment 2 TEJ RATHI 2022-09-22 05:37:48 UTC
Created libjpeg-turbo tracking bugs for this issue:

Affects: fedora-all [bug 2128955]


Created mingw-libjpeg-turbo tracking bugs for this issue:

Affects: fedora-all [bug 2128956]


Note You need to log in before you can comment on or make changes to this bug.