Vulnerability Description
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
CVSS Score
7.1
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libjpeg-Turbo | Libjpeg-Turbo | 2.0.90 |
| Fedoraproject | Fedora | 37 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1943797 (Issue Tracking, Permissions Required)
- https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607 (Issue Tracking)
- https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c (Patch)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2021-29390?
CVE-2021-29390 is a vulnerability with a CVSS score of 7.1 (HIGH). libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
How severe is CVE-2021-29390?
CVE-2021-29390 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-29390?
Check the references section above for vendor advisories and patch information. Affected products include: Libjpeg-Turbo Libjpeg-Turbo, Fedoraproject Fedora.