The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2
Created libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 2101702] Created mingw-libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 2101704]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1068 https://access.redhat.com/errata/RHSA-2023:1068
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-46822