CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20330

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304
https://usn.ubuntu.com/4190-1/
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304
https://usn.ubuntu.com/4190-1/

Products affected by CVE-2018-20330

Libjpeg-Turbo » Libjpeg-Turbo » Version: 2.0.1

cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20330

Products

Pricing

Contact Us