Package "libjpeg-turbo"

Name: libjpeg-turbo


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • IJG JPEG compliant runtime library.
  • Debugging symbols for the libjpeg-turbo library
  • Development files for the IJG JPEG library

Latest version: 2.0.3-0ubuntu1.20.04.3
Release: focal (20.04)
Level: security
Repository: main


Other versions of "libjpeg-turbo" in Focal

Repository Area Version
base main 2.0.3-0ubuntu1
base universe 2.0.3-0ubuntu1
security universe 2.0.3-0ubuntu1.20.04.3
updates main 2.0.3-0ubuntu1.20.04.3
updates universe 2.0.3-0ubuntu1.20.04.3

Packages in group

Deleted packages are displayed in grey.


Version: 2.0.3-0ubuntu1.20.04.3 2022-09-22 18:06:25 UTC

  libjpeg-turbo (2.0.3-0ubuntu1.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow in the "transform"
    - debian/patches/CVE-2020-17541.patch: fix very rare local buffer
      overrun in jchuff.c.
    - CVE-2020-17541
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2020-35538.patch: fix jpeg_skip_scanlines()
      segfault w/merged upsamp in jdapistd.c, jdmerge.c, jdmerge.h,
      jdmrg565.c, jdmrgext.c.
    - debian/patches/CVE-2020-35538-2.patch: further jpeg_skip_scanlines()
      fixes in CMakeLists.txt, croptest.in, jdapistd.c.
    - CVE-2020-35538
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-46822.patch: fix issues w/loading 16-bit
      PPMs/PGMs in rdppm.c.
    - CVE-2021-46822

 -- Marc Deslauriers <email address hidden> Wed, 21 Sep 2022 13:54:13 -0400

Source diff to previous version
CVE-2020-17541 Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the se
CVE-2020-35538 A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
CVE-2021-46822 The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading

Version: 2.0.3-0ubuntu1.20.04.1 2020-06-09 19:06:47 UTC

  libjpeg-turbo (2.0.3-0ubuntu1.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2020-13790.patch: fix buf overrun caused
      by bad binary PPM in rdppm.c.
    - CVE-2020-13790

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jun 2020 13:10:10 -0300

CVE-2020-13790 libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

About   -   Send Feedback to @ubuntu_updates