vulnerability
Oracle Linux: CVE-2020-17541: ELSA-2021-4288: libjpeg-turbo security and bug fix update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jun 1, 2021 | Nov 17, 2021 | Dec 3, 2025 |
Description
All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service.
A stack-based buffer overflow flaw was found in the transform component of the libjpeg-turbo library. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solutions
- oracle-linux-upgrade-libjpeg-turbo
- oracle-linux-upgrade-libjpeg-turbo-devel
- oracle-linux-upgrade-libjpeg-turbo-utils
- oracle-linux-upgrade-turbojpeg
- oracle-linux-upgrade-turbojpeg-devel