Chiencc / asuswrt-gt-ac5300


ijgjpeg-7: 10 vulnerabilities (highest severity is: 7.5) #61

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (3)

/release/src/router/jpeg/rdtarga.c /release/src/router/jpeg/rdtarga.c /release/src/router/jpeg/rdtarga.c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (ijgjpeg version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-11813 | High | 7.5 | ijgjpeg-7 | Direct | 2.0.0 | |
| CVE-2020-14152 | High | 7.1 | ijgjpeg-7 | Direct | jpeg-9d | |
| WS-2021-0185 | Medium | 6.5 | ijgjpeg-7 | Direct | 2.1.0 | |
| CVE-2017-15232 | Medium | 6.5 | detected in multiple dependencies | Direct | 1.5.3 | |
| CVE-2018-14498 | Medium | 6.5 | ijgjpeg-7 | Direct | 2.0.0 | |
| CVE-2012-2806 | Medium | 5.6 | ijgjpeg-7 | Direct | All libjpeg-turbo users should upgrade to the latest version >= libjpeg-turbo-1.2.1 | |
| CVE-2020-35538 | Medium | 5.5 | ijgjpeg-7 | Direct | 2.0.6 | |
| CVE-2021-46822 | Medium | 5.5 | ijgjpeg-7 | Direct | 2.1.0 | |
| CVE-2013-6630 | Medium | 5.3 | ijgjpeg-7 | Direct | 1.3.1 | |
| CVE-2013-6629 | Medium | 5.3 | ijgjpeg-7 | Direct | 1.3.90 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2018-11813

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/rdtarga.c /release/src/router/jpeg/rdtarga.c /release/src/router/jpeg/rdtarga.c

### Vulnerability Details

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

Publish Date: 2018-06-06

URL: CVE-2018-11813

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Release Date: 2018-06-06

Fix Resolution: 2.0.0

CVE-2020-14152

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/jmemnobs.c /release/src/router/jpeg/jmemnobs.c /release/src/router/jpeg/jmemnobs.c

### Vulnerability Details

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

Publish Date: 2020-06-15

URL: CVE-2020-14152

### CVSS 3 Score Details (7.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152

Release Date: 2020-06-15

Fix Resolution: jpeg-9d

WS-2021-0185

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/rdppm.c /release/src/router/jpeg/rdppm.c /release/src/router/jpeg/rdppm.c

### Vulnerability Details

libjpeg-turbo before 2.1.0 is vulnerable to heap-buffer-overflow in get_word_rgb_row, related to rdppm.c.

Publish Date: 2021-04-06

URL: WS-2021-0185

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/OSV-2021-609

Release Date: 2021-04-06

Fix Resolution: 2.1.0

CVE-2017-15232

### Vulnerable Libraries - ijgjpeg-7, ijgjpeg-7, ijgjpeg-7, ijgjpeg-7, ijgjpeg-7, ijgjpeg-7, ijgjpeg-7, ijgjpeg-7

### Vulnerability Details

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

Publish Date: 2017-10-11

URL: CVE-2017-15232

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232

Release Date: 2017-10-11

Fix Resolution: 1.5.3

CVE-2018-14498

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/rdbmp.c /release/src/router/jpeg/rdbmp.c /release/src/router/jpeg/rdbmp.c

### Vulnerability Details

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

Publish Date: 2019-03-07

URL: CVE-2018-14498

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498

Release Date: 2019-03-07

Fix Resolution: 2.0.0

CVE-2012-2806

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/jdmarker.c /release/src/router/jpeg/jdmarker.c /release/src/router/jpeg/jdmarker.c

### Vulnerability Details

Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.

Publish Date: 2012-08-13

URL: CVE-2012-2806

### CVSS 3 Score Details (5.6)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: http://security.gentoo.org/glsa/glsa-201209-13.xml

Release Date: 2012-09-26

Fix Resolution: All libjpeg-turbo users should upgrade to the latest version >= libjpeg-turbo-1.2.1

CVE-2020-35538

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/jdapistd.c /release/src/router/jpeg/jdapistd.c /release/src/router/jpeg/jdapistd.c

### Vulnerability Details

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

Publish Date: 2022-08-31

URL: CVE-2020-35538

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35538

Release Date: 2022-08-31

Fix Resolution: 2.0.6

CVE-2021-46822

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/rdppm.c /release/src/router/jpeg/rdppm.c /release/src/router/jpeg/rdppm.c

### Vulnerability Details

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Publish Date: 2022-06-18

URL: CVE-2021-46822

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822

Release Date: 2022-06-18

Fix Resolution: 2.1.0

CVE-2013-6630

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/jpeg/jdmarker.c /release/src/router/jpeg/jdmarker.c /release/src/router/jpeg/jdmarker.c

### Vulnerability Details

The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Publish Date: 2013-11-19

URL: CVE-2013-6630

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Release Date: 2013-11-19

Fix Resolution: 1.3.1

CVE-2013-6629

### Vulnerable Library - ijgjpeg-7

Reference repository for The Independent JPEG Group's JPEG software, with the TurboJPEG API bolted on (for benchmarking purposes)

Library home page: https://github.com/libjpeg-turbo/ijg.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/jpeg/jdmarker.c /release/src/router/jpeg/jdmarker.c

### Vulnerability Details

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Publish Date: 2013-11-19

URL: CVE-2013-6629

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629

Release Date: 2013-11-19

Fix Resolution: 1.3.90

mend-for-github-com[bot] commented 11 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 11 months ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
