CVE-2020-35538

MEDIUM

Libjpeg-turbo - NULL Pointer Dereference

Title source: rule

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

Core 2

Core References

Issue Tracking, Third Party Advisory x_refsource_misc

Patch, Third Party Advisory x_refsource_misc

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-476

Status published

Products (1)

libjpeg-turbo/libjpeg-turbo 2.0.5

Published Aug 31, 2022

Tracked Since Feb 18, 2026