INFSA-2025:7540: libjpeg-turbo security update
Information about definition
Identificator: INFSA-2025:7540
Type: security
Release date: 2025-06-09 06:15:33 UTC
Information about package
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.
Vulnerabilities description
- CVE-2020-13790
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2020-13790
|
no information | 8.1 | no information |
Updated packages