Vulnerability Description
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libjpeg-Turbo | Libjpeg-Turbo | <= 2.0.90 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/221567Third Party AdvisoryVDB Entry
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa59PatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/221567Third Party AdvisoryVDB Entry
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa59PatchThird Party Advisory
FAQ
What is CVE-2021-46822?
CVE-2021-46822 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This ...
How severe is CVE-2021-46822?
CVE-2021-46822 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46822?
Check the references section above for vendor advisories and patch information. Affected products include: Libjpeg-Turbo Libjpeg-Turbo.