It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11813)
It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-14498)
It was discovered that libjpeg-turbo was not properly limiting the amount of main memory being consumed by the system during decompression or multi-pass compression operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14152)
It was discovered that libjpeg-turbo was not properly setting variable sizes when performing certain kinds of encoding operations, which could lead to a stack-based buffer overflow. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-17541)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "libjpeg-turbo-progs", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo-progs-dbgsym", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo-test", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo-test-dbgsym", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo8", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo8-dbg", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo8-dbgsym", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo8-dev", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libjpeg-turbo8-dev-dbgsym", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libturbojpeg", "binary_version": "1.3.0-0ubuntu2.1+esm2" }, { "binary_name": "libturbojpeg-dbgsym", "binary_version": "1.3.0-0ubuntu2.1+esm2" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "libjpeg-turbo-progs", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo-progs-dbgsym", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo-test", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo-test-dbgsym", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo8", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo8-dbg", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo8-dbgsym", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo8-dev", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libjpeg-turbo8-dev-dbgsym", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libturbojpeg", "binary_version": "1.4.2-0ubuntu3.4+esm1" }, { "binary_name": "libturbojpeg-dbgsym", "binary_version": "1.4.2-0ubuntu3.4+esm1" } ] }