SB2020062243 - Out-of-bounds read in libjpeg-turbo (Alpine package)
Published: June 22, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2020-13790)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in get_rgb_row() in rdppm.c, triggered by a malformed PPM input file. A remote attacker can perform a denial of service attack.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=64c1a9607a546bd84e9c8d5a604d7fc87851a4af
- https://git.alpinelinux.org/aports/commit/?id=a6bbc6a39bd7459f28e4f24d83f51c7ed7c9c08b
- https://git.alpinelinux.org/aports/commit/?id=a85da862ac46070bb8ddbff5fb4d4a89953d7551
- https://git.alpinelinux.org/aports/commit/?id=b2f81f5a103f21ecd379b2247bcde8a8cb523c6a