CVE-2020-14153

HIGH

libjpeg 8-9c - Out-of-bounds Read in jdhuff.c

Title source: llm
STIX 2.1

Description

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

References (3)

Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.gentoo.org/727908
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445

Scores

CVSS v3 7.1
EPSS 0.0108
EPSS Percentile 61.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (1)
ijg/libjpeg 8 - 9c
Published Jun 15, 2020
Tracked Since Feb 18, 2026