Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-21
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
| Products | Libjpeg\-Turbo |
| Type | Out-of-bounds Write (CWE-787) Integer Overflow or Wraparound (CWE-190) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304
• https://usn.ubuntu.com/4190-1/ |