A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

The version of libjpeg-turbo installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-35538 advisory.

  - A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by     libjpeg-turbo. (CVE-2020-35538)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by     libjpeg-turbo. (CVE-2020-35538)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libjpeg-turbo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by     libjpeg-turbo. (CVE-2020-35538)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3523-1 advisory.

  - A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by     libjpeg-turbo. (CVE-2020-35538)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3475-1 advisory.

  - A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by     libjpeg-turbo. (CVE-2020-35538)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5631-1 advisory.

  - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813)

  - Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote     attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of     service of the target service. (CVE-2020-17541)

  - A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by     libjpeg-turbo. (CVE-2020-35538)

  - The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary     PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related     to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. (CVE-2021-46822)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
173527	CBL Mariner 2.0 Security Update: libjpeg-turbo (CVE-2020-35538)	Nessus	MarinerOS Local Security Checks	medium
169866	EulerOS Virtualization 2.10.0 : libjpeg-turbo (EulerOS-SA-2023-1169)	Nessus	Huawei Local Security Checks	medium
169772	EulerOS Virtualization 2.10.1 : libjpeg-turbo (EulerOS-SA-2023-1148)	Nessus	Huawei Local Security Checks	medium
169753	EulerOS Virtualization 2.9.1 : libjpeg-turbo (EulerOS-SA-2023-1194)	Nessus	Huawei Local Security Checks	medium
169742	EulerOS Virtualization 2.9.0 : libjpeg-turbo (EulerOS-SA-2023-1224)	Nessus	Huawei Local Security Checks	medium
169011	EulerOS 2.0 SP10 : libjpeg-turbo (EulerOS-SA-2022-2849)	Nessus	Huawei Local Security Checks	medium
168976	EulerOS 2.0 SP10 : libjpeg-turbo (EulerOS-SA-2022-2824)	Nessus	Huawei Local Security Checks	medium
167416	EulerOS 2.0 SP9 : libjpeg-turbo (EulerOS-SA-2022-2733)	Nessus	Huawei Local Security Checks	medium
167377	EulerOS 2.0 SP9 : libjpeg-turbo (EulerOS-SA-2022-2768)	Nessus	Huawei Local Security Checks	medium
165667	SUSE SLED15 / SLES15 Security Update : libjpeg-turbo (SUSE-SU-2022:3523-1)	Nessus	SuSE Local Security Checks	medium
165609	SUSE SLES12 Security Update : libjpeg-turbo (SUSE-SU-2022:3475-1)	Nessus	SuSE Local Security Checks	medium
165321	Ubuntu 18.04 LTS / 20.04 LTS : libjpeg-turbo vulnerabilities (USN-5631-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2020-35538

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high