It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11813)
It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2018-14498)
It was discovered that libjpeg-turbo was not properly limiting the amount of main memory being consumed by the system during decompression or multi-pass compression operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14152)
It was discovered that libjpeg-turbo was not properly setting variable sizes when performing certain kinds of encoding operations, which could lead to a stack-based buffer overflow. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-17541)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libjpeg-turbo8-dbg": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo-test-dbgsym": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo-progs": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo-test": "1.3.0-0ubuntu2.1+esm2", "libturbojpeg": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo8-dev-dbgsym": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo8-dev": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo8-dbgsym": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo8": "1.3.0-0ubuntu2.1+esm2", "libjpeg-turbo-progs-dbgsym": "1.3.0-0ubuntu2.1+esm2", "libturbojpeg-dbgsym": "1.3.0-0ubuntu2.1+esm2" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libjpeg-turbo8-dbg": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo-test-dbgsym": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo-progs": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo-test": "1.4.2-0ubuntu3.4+esm1", "libturbojpeg": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo8-dev-dbgsym": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo8-dev": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo8-dbgsym": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo8": "1.4.2-0ubuntu3.4+esm1", "libjpeg-turbo-progs-dbgsym": "1.4.2-0ubuntu3.4+esm1", "libturbojpeg-dbgsym": "1.4.2-0ubuntu3.4+esm1" } ] }