<p>There is no fixed version for <code>Debian:8</code> <code>libjpeg-turbo</code>.</p>

Out-of-bounds Write Affecting libjpeg-turbo package, versions *

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.88% (83^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN8-LIBJPEGTURBO-482135
published 10 Nov 2019
disclosed 13 Nov 2019

Report a new vulnerability Found a mistake?

Introduced: 10 Nov 2019

CVE-2019-2201 Open this link in a new tab CWE-787 Open this link in a new tab

How to fix?

There is no fixed version for Debian:8 libjpeg-turbo.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libjpeg-turbo package and not the libjpeg-turbo package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338