Description
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/221567
Scores
CVSS v3
5.5
EPSS
0.0101
EPSS Percentile
58.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
libjpeg-turbo/libjpeg-turbo
1.5.3 - 2.0.90
Published
Jun 18, 2022
Tracked Since
Feb 18, 2026