CVE-2020-17541: Out-of-bounds Write

June 1, 2021 (updated June 14, 2021)

Libjpeg-turbo all version have a stack-based buffer overflow in the “transform” component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.

References

github.com/libjpeg-turbo/libjpeg-turbo/issues/392
nvd.nist.gov/vuln/detail/CVE-2020-17541

Code Behaviors & Features

Detect and mitigate CVE-2020-17541 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →