diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e85f7ea6784c..a2fab951b379 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,63 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + + + mozjpeg + 4.0.0 + + + + +

NIST reports:

+
+
    +
  • Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
  • +
+
+ +
+ + CVE-2020-13790 + https://nvd.nist.gov/vuln/detail/CVE-2020-13790 + + + 2020-06-03 + 2020-10-10 + +
+ + + libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function. + + + libjpeg-turbo + 2.0.4 + + + + +

libjpeg-turbo releases reports:

+
+

This release fixes the following security issue:

+
    +
  • Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
  • +
+
+ +
+ + CVE-2020-13790 + https://nvd.nist.gov/vuln/detail/CVE-2020-13790 + + + 2020-06-03 + 2020-10-10 + +
+ Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra
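Review bot: The two added entries (mozjpeg and libjpeg-turbo) cite the same CVE-2020-13790, the same 2020-06-03 and 2020-10-10 dates, and the same quoted sentence about get_rgb_row() in rdppm.c, so one vulnerability is recorded twice. Consider a single entry that lists both packages under one topic, so a later correction cannot leave the two copies out of sync. In the libjpeg-turbo entry the topic says "buffer overrun" while the quoted body says "heap-based buffer over-read": pick one term, drop the trailing period from the topic, and change "libjpeg-turbo releases reports:" to "reports:". Please also confirm whether the bounds 4.0.0 and 2.0.4 are the first fixed versions or the last affected ones, because the range operator on each decides whether installations at exactly those versions are flagged.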