CVE-2022-31620

Source
https://cve.org/CVERecord?id=CVE-2022-31620
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31620.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31620
Published
2022-05-25T21:15:08.530Z
Modified
2026-04-12T02:56:55.935624Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

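In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during an arithmetically coded lossless scan or an arithmetically coded sequential scan.

Note: the affected ranges in this record carry no resolved fix commit. The 1.64 boundary appears only under unresolved_ranges, and the Vanir signatures cite commit ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a as their source, so version- or commit-based matching should be checked against those fields rather than the empty "Fixed" entries.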

References

Affected packages

Git / github.com/thorfdbg/libjpeg

Affected ranges

Type
GIT
Repo
https://github.com/thorfdbg/libjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/thorfdbg/libjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures_modified
"2026-04-12T02:56:55Z"
vanir_signatures
[
    {
        "id": "CVE-2022-31620-18827a1f",
        "target": {
            "file": "codestream/acsequentialscan.hpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "186515129273422912655477923119450999042",
                "147453798164806205130488347625362451109",
                "16968755504207578523679316907730905516",
                "253044506732920013515339365471550250661",
                "99209718587507523376063296690888769072",
                "146661309766104287349401474226802036816",
                "194227966335026653130650283276622508285",
                "277465092980987228036941595478178110062",
                "253542114589594964011525842990856327744",
                "231188884604362771079561238625487223999",
                "296882470420899599943576319706602870045",
                "18292429498740745363084797460594384412",
                "173888214644712204636276201966532742869",
                "90287023745959908740713512293171632391",
                "313834773285695821781481914358823557089",
                "321733288971716863868621481220030115349",
                "115666247703395265372902601869057326973",
                "259540850795285340306153413675779753300",
                "311967621330647135819079165376719037292",
                "52496518854853295374807505216643942779",
                "304142591639725937910502011041158683322",
                "256273182895750483755885222761416925501"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-557637e6",
        "target": {
            "file": "codestream/acsequentialscan.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "205743886806719137885499445176810922548",
                "299964622176434139076387102382215059896",
                "142893341764770116380783444920888296688",
                "305883485110179658241137087489525222280",
                "93041601773360760002707497293510499715",
                "146083760197103536463300640826003286523",
                "159809258615746469396245357878188650978",
                "154650727139385298724004313807310483211",
                "305883485110179658241137087489525222280",
                "93041601773360760002707497293510499715",
                "146083760197103536463300640826003286523"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-5ab1395c",
        "target": {
            "file": "codestream/rectanglerequest.hpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "182675676894462993837954544437769344148",
                "124018396871588123691975579468304207346",
                "326231594757181300490222585762870846531",
                "289579299655554488860762172627755265948",
                "281950289408806910287653279384742469404",
                "101227475832224129224393425063543878110",
                "68976201093589086047817230091131528136",
                "106738809801848246367856243498127715121",
                "193250791931893848747901171489906123629",
                "95984014175099196805168667253696020687",
                "9960600758822336689689816780156541826"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-91407f51",
        "target": {
            "file": "codestream/losslessscan.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "326843785727370704034399458593057875666",
                "118245136084514491587313971128773025997",
                "57613350087562932332153911446110856338",
                "198275589942104321305315459601824700838",
                "289500007422509667858773211410488370847"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-a01499cc",
        "target": {
            "file": "codestream/losslessscan.cpp",
            "function": "LosslessScan::ParseMCU"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "288677410568477342608143735348058225828",
            "length": 1148.0
        },
        "signature_type": "Function",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-b5d49ab0",
        "target": {
            "file": "codestream/aclosslessscan.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "214570719736653225685392120736293485051",
                "12080925410558673059100516082368505538",
                "104335719938593474339738508845629542796",
                "242506252337685078850875167826772061504",
                "241665615563728301148107386261547208376"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-d554cd58",
        "target": {
            "file": "codestream/aclosslessscan.hpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "330917023562873839592089258962660281379",
                "139830765633574962013865512592953989010",
                "291349888720475367161613249651360705812",
                "288371187391948498885560539136784766399",
                "266922715748674193155708286960959998183",
                "67388171347694783893360456866184483565",
                "201770001757034117954516872896594755463",
                "9942221181583605101706086291817290407",
                "250649210873373750029641431406369592899"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-ee617430",
        "target": {
            "file": "codestream/aclosslessscan.cpp",
            "function": "ACLosslessScan::ParseMCU"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "303077408437668248058289136740241516192",
            "length": 1666.0
        },
        "signature_type": "Function",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-31620-fcda83cc",
        "target": {
            "file": "codestream/acsequentialscan.cpp",
            "function": "ACSequentialScan::DecodeBlock"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "97610785424190188083768204425450950485",
            "length": 2279.0
        },
        "signature_type": "Function",
        "source": "https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a",
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31620.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.64"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.64"
            }
        ]
    }
]