CVE-2020-17541

high

Description

Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

References

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392

https://cwe.mitre.org/data/definitions/121.html

Details

Source: Mitre, NVD

Published: 2021-06-01

Updated: 2022-11-07

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High