CVE-2019-13960
Published: July 18th, 2019
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes
MEDIUM
CVSS v3: 5.5
CVSS v3: 5.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 26.1.1 | libjpeg-turbo (3.1.3) | Not Affected | Code Not Present | 3.1.3 does not match CVE configuration. |
| 26.1 | libjpeg-turbo (3.1.3) | Not Affected | Code Not Present | 3.1.3 does not match CVE configuration. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5.5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version
3.0