Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2396)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the Huawei EulerOS 'libjpeg-turbo' package(s) announced via the EulerOS-SA-2021-2396 advisory.
Insight
Insight
Libjpeg-turbo all version have a stack-based buffer overflow in the 'transform' component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.(CVE-2020-17541) In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.(CVE-2020-14152) In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338(CVE-2019-2201)
Affected Software
Affected Software
'libjpeg-turbo' package(s) on Huawei EulerOS V2.0SP2.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).