INFSA-2024:2295: libjpeg-turbo security update
Information about definition
Identificator: INFSA-2024:2295
Type: security
Release date: 2024-12-27 09:43:58 UTC
Information about package
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.
Vulnerabilities description
- CVE-2021-29390
A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2021-29390
|
no information | 7.1 | no information |
Updated packages