First published: Tue Aug 22 2023
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libjpeg-turbo Libjpeg-turbo | =2.0.90 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
redhat/libjpeg-turbo | <2.1.0 | 2.1.0 |
CVE-2021-29390 is a vulnerability in libjpeg-turbo version 2.0.90 that allows for a heap-based buffer over-read in the decompress_smooth_data function in jdcoefct.c.
CVE-2021-29390 affects libjpeg-turbo version 2.0.90.
The severity of CVE-2021-29390 is high with a CVSS score of 7.1.
To fix CVE-2021-29390, update to a version of libjpeg-turbo that is not affected by the vulnerability; the table above lists 2.1.0 as the fixed version for redhat/libjpeg-turbo.
You can find more information about CVE-2021-29390 on the Red Hat Bugzilla page and the libjpeg-turbo GitHub repository.