CVE-2021-29390

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Aug 22, 2023
Updated: Nov 7, 2023
CWE ID 787

Summary

CVE-2021-29390 is a vulnerability affecting libjpeg-turbo version 2.0.90. It involves a heap-based buffer over-read in the "decompress_smooth_data" function of the file "jdcoefct.c". The flaw permits an attacker to write two extra bytes to an unintended memory location during JPEG image decompression, which can result in memory corruption and potentially code execution. This vulnerability poses a serious risk, particularly in environments where JPEG files are frequently processed, and upgrading to a patched version is strongly recommended.


Affected Products

  • Fedora Operating System
  • Libjpeg-turbo

Affected Vendors

  • Fedora Project