CVE-2022-31620: Improper Restriction of Operations within the Bounds of a Memory Buffer

May 25, 2022 (updated June 7, 2022)

In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.

References

github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
github.com/thorfdbg/libjpeg/issues/70
nvd.nist.gov/vuln/detail/CVE-2022-31620

Code Behaviors & Features

Detect and mitigate CVE-2022-31620 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →