vulnerability
Oracle Linux: CVE-2020-17541: ELSA-2021-4288: libjpeg-turbo security and bug fix update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jun 1, 2021 | Nov 17, 2021 | Jan 7, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 1, 2021
Added
Nov 17, 2021
Modified
Jan 7, 2025
Description
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solution(s)
oracle-linux-upgrade-libjpeg-turbooracle-linux-upgrade-libjpeg-turbo-develoracle-linux-upgrade-libjpeg-turbo-utilsoracle-linux-upgrade-turbojpegoracle-linux-upgrade-turbojpeg-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.