OpenCVE

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libjpeg-turbo	Libjpeg-turbo
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
libjpeg-turbo-0:2.0.90-6.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:1068	2023-03-06T00:00:00Z

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/221567
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2
https://nvd.nist.gov/vuln/detail/CVE-2021-46822
https://www.cve.org/CVERecord?id=CVE-2021-46822

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-06-18T15:27:44

Updated: 2024-08-04T05:17:42.633Z

Reserved: 2022-06-18T00:00:00

Link: CVE-2021-46822

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-18T16:15:08.110

Modified: 2024-11-21T06:34:45.830

Link: CVE-2021-46822

Redhat

Severity : Moderate

Publid Date: 2021-04-07T00:00:00Z

Links: CVE-2021-46822 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-18T15:27:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-46822", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2", "refsource": "MISC", "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.633Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-46822", "datePublished": "2022-06-18T15:27:44", "dateReserved": "2022-06-18T00:00:00", "dateUpdated": "2024-08-04T05:17:42.633Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "matchCriteriaId": "D00A0BE6-ADFB-43D4-97F5-DE2CEBC13FFB", "versionEndIncluding": "2.0.90", "versionStartExcluding": "1.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c."}, {"lang": "es", "value": "El lector PPM en libjpeg-turbo versiones hasta 2.0.90, maneja inapropiadamente el uso de tjLoadImage para cargar un archivo PPM binario de 16 bits en un b\u00fafer de escala de grises y cargar un archivo PGM binario de 16 bits en un b\u00fafer RGB. Esto est\u00e1 relacionado con un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n get_word_rgb_row en rdppm.c"}], "id": "CVE-2021-46822", "lastModified": "2024-11-21T06:34:45.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-18T16:15:08.110", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221567"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:1068", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libjpeg-turbo-0:2.0.90-6.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-03-06T00:00:00Z"}], "bugzilla": {"description": "libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c", "id": "2100044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100044"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.", "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash."], "name": "CVE-2021-46822", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libjpeg-turbo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libjpeg-turbo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libjpeg-turbo", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46822\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46822\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/221567"], "statement": "The only way that users could potentially encounter these issues is through the tjLoadImage() function. TJBench and cjpeg are unaffected.\nRHEL-8 ships libjpeg-turbo v1.5.3 which does not include vulnerable tjLoadImage() functionality.", "threat_severity": "Moderate", "upstream_fix": "libjpeg-turbo 2.1.0"}