Source: libjpeg-turbo Version: 1:1.5.2-2 Severity: important Tags: security upstream Forwarded: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
Hi, The following vulnerability was published for libjpeg-turbo. CVE-2020-13790[0]: | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over- | read in get_rgb_row() in rdppm.c via a malformed PPM input file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-13790 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790 [1] https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 [2] https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x) [3] https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x) Please adjust the affected versions in the BTS as needed. Regards, Salvatore
