Description
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.gentoo.org/727908
Product x_refsource_misc
http://www.ijg.org/files/jpegsrc.v9d.tar.gz
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
Scores
CVSS v3
7.1
EPSS
0.0034
EPSS Percentile
57.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (1)
ijg/libjpeg
8 - 9c
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026