Skip to main content

Libjpeg Turbo CVE-2021-20205

MEDIUM
Divide By Zero (CWE-369)
2021-03-10 secalert@redhat.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 10, 2021 - 17:15 nvd
MEDIUM 6.5

DescriptionNVD

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.

AnalysisAI

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-369. Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. Affected products include: Libjpeg-Turbo, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-9614 HIGH POC
8.8 Jul 27

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service

CVE-2020-13790 HIGH POC
8.1 Jun 03

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PP

CVE-2017-15232 MEDIUM POC
6.5 Oct 11

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Rated medium sev

CVE-2023-2804 MEDIUM POC
6.5 May 25

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrge

CVE-2018-19664 MEDIUM POC
6.5 Nov 29

libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpe

CVE-2019-13960 MEDIUM POC
5.5 Jul 18

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image cont

CVE-2012-2806 HIGH
8.8 Aug 13

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause

CVE-2016-3616 HIGH
8.8 Feb 13

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and applicat

CVE-2018-20330 HIGH
8.8 Dec 21

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via

CVE-2014-9092 MEDIUM
6.5 Oct 10

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related

CVE-2018-1152 MEDIUM
6.5 Jun 18

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a cra

CVE-2013-6629 MEDIUM
5.0 Nov 19

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome befor

Share

CVE-2021-20205 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy