CVE-2021-46822

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-46822
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46822.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-46822
Published
2022-06-18T16:15:08Z
Modified
2025-09-16T07:20:29.626246Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

Affected packages

Debian:11 / libjpeg-turbo

Package

Name
libjpeg-turbo
Purl
pkg:deb/debian/libjpeg-turbo?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.0.6-4
1:2.1.1-1
1:2.1.1-2
1:2.1.2-1
1:2.1.5-1
1:2.1.5-2
1:2.1.5-3
1:2.1.5-3.1
1:2.1.5-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libjpeg-turbo

Package

Name
libjpeg-turbo
Purl
pkg:deb/debian/libjpeg-turbo?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1:2.1.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libjpeg-turbo

Package

Name
libjpeg-turbo
Purl
pkg:deb/debian/libjpeg-turbo?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1:2.1.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libjpeg-turbo

Package

Name
libjpeg-turbo
Purl
pkg:deb/debian/libjpeg-turbo?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1:2.1.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libjpeg-turbo/libjpeg-turbo

Affected ranges

Type
GIT
Repo
https://github.com/libjpeg-turbo/libjpeg-turbo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.0.90
0.0.91
0.0.93

1.*

1.0.0
1.0.1
1.0.90
1.1.0
1.1.1
1.1.90
1.2.0
1.2.1
1.2.90
1.3.0
1.3.1
1.3.90
1.4.0
1.4.1
1.4.2
1.4.90
1.5.0
1.5.1
1.5.2
1.5.3
1.5.90

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.90

Other

jpeg-1
jpeg-2
jpeg-3
jpeg-4
jpeg-4a
jpeg-5
jpeg-5a
jpeg-5b
jpeg-6
jpeg-6a
jpeg-6b
jpeg-6bx
jpeg-7
jpeg-8
jpeg-8a
jpeg-8b
jpeg-8c
jpeg-8d
jpeg-9
jpeg-9a
jpeg-9b
jpeg-9c
jpeg-9d
jpeg-ari

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "file": "rdppm.c"
            },
            "digest": {
                "line_hashes": [
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "CVE-2021-46822-692d368f",
            "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2",
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "target": {
                "function": "get_word_rgb_row",
                "file": "rdppm.c"
            },
            "digest": {
                "length": 932.0,
                "function_hash": "182312530622160650449074891296046880301"
            },
            "signature_version": "v1",
            "id": "CVE-2021-46822-6f698acc",
            "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "target": {
                "function": "start_input_ppm",
                "file": "rdppm.c"
            },
            "digest": {
                "length": 4737.0,
                "function_hash": "236958233622389590308291619840792029626"
            },
            "signature_version": "v1",
            "id": "CVE-2021-46822-cedc80d1",
            "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2",
            "signature_type": "Function",
            "deprecated": false
        }
    ]
}