CVE-2018-20330

Published December 21st, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.

libjpeg-turbo/libjpeg-turbo

Main libjpeg-turbo repository

GitHub

4.33K