jpeg 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk memory corruption and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact memory corruption and アプリケーションクラッシュ などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-37837 | libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | [email protected] | 6.5 | 0.51% | 2023-07-13 | 2026-06-17 |
| CVE-2023-37836 | libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | [email protected] | 6.5 | 0.51% | 2023-07-13 | 2026-06-17 |
| CVE-2022-37770 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | [email protected] | 6.5 | 0.62% | 2022-08-18 | 2026-06-17 |
| CVE-2022-37769 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | [email protected] | 6.5 | 0.62% | 2022-08-18 | 2026-06-17 |
| CVE-2022-37768 | libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. | [email protected] | 7.5 | 0.81% | 2022-08-18 | 2026-06-17 |
| CVE-2022-35166 | libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal. | [email protected] | 5.5 | 0.27% | 2022-08-18 | 2026-06-17 |
| CVE-2022-32978 | There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. | [email protected] | 6.5 | 0.82% | 2022-06-10 | 2026-06-17 |
| CVE-2022-31796 | libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. | [email protected] | 6.5 | 0.86% | 2022-06-02 | 2026-06-17 |
| CVE-2021-39520 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. | [email protected] | 6.5 | 0.84% | 2021-09-20 | 2026-06-17 |
| CVE-2021-39519 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service. | [email protected] | 6.5 | 0.84% | 2021-09-20 | 2026-06-17 |
| CVE-2021-39518 | An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow. | [email protected] | 6.5 | 0.84% | 2021-09-20 | 2026-06-17 |
| CVE-2021-39517 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. | [email protected] | 6.5 | 0.83% | 2021-09-20 | 2026-06-17 |
| CVE-2021-39516 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service. | [email protected] | 6.5 | 0.83% | 2021-09-20 | 2026-06-17 |
| CVE-2021-39515 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU() located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service. | [email protected] | 6.5 | 0.83% | 2021-09-20 | 2026-06-17 |
| CVE-2021-39514 | An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service. | [email protected] | 6.5 | 0.83% | 2021-09-20 | 2026-06-17 |
| CVE-2021-28026 | jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service. | [email protected] | 7.8 | 1.17% | 2021-03-05 | 2026-06-16 |