CVE-2021-29390
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Aug 22, 2023
Updated: Nov 7, 2023
CWE ID 787
Summary
CVE-2021-29390 is a vulnerability affecting libjpeg-turbo version 2.0.90. It is a heap-based buffer over-read in the "decompress_smooth_data" function in the file "jdcoefct.c". The flaw permits an attacker to write two extra bytes to an unintended memory location during JPEG image decompression, potentially resulting in memory corruption and code execution. The vulnerability poses a serious risk, particularly in environments where JPEG files are frequently processed, and upgrading to a patched version is strongly recommended.
Affected Products
- Fedora Operating System
- Libjpeg-turbo
Affected Vendors
- Fedora Project