[Security] libjpeg-turbo used in this project is vulnerable

saki4510t / UVCCamera

library and sample to access to UVC web camera on non-rooted Android device

2.96k stars 1.19k forks source link

[Security] libjpeg-turbo used in this project is vulnerable #698

Open the-Chain-Warden-thresh opened 5 months ago

the-Chain-Warden-thresh commented 5 months ago

CVE-2021-46822 is a security vulnerability in libjpeg-turbo, which is used in this project. The root cause of this CVE is heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. you can easily fix this vulnerability by applying this patch.