NIST reports :

- Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7540 advisory.

    [1.5.3-14]
    - updated previous fix (RHEL-87364)

    [1.5.3-13]
    - fix CVE-2020-13790: heap-based buffer over-read in get_rgb_row (RHEL-87364)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

New libjpeg-turbo packages are available for Slackware 14.2 and
-current to fix a security issue.

This update for libjpeg-turbo fixes the following issues :

CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libjpeg-turbo fixes the following issues :

  - CVE-2020-13790: Fixed a heap-based buffer over-read via     a malformed PPM input file (bsc#1172491).

This update was imported from the SUSE:SLE-15:Update update project.

According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a     heap-based buffer over-read in get_rgb_row() in rdppm.c     via a malformed PPM input file.(CVE-2020-13790)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

libjpeg-turbo releases reports :

This release fixes the following security issue :

- Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0444 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2020-13790:
    libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via     a malformed PPM input file.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	名称	产品	系列	发布时间	最近更新时间	严重程度
142952	FreeBSD : mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file (040707f9-0b2a-11eb-8834-00155d01f202)	Nessus	FreeBSD Local Security Checks	2020/11/17	2024/2/8	high
236819	Oracle Linux 8 : libjpeg-turbo (ELSA-2025-7540)	Nessus	Oracle Linux Local Security Checks	2025/5/16	2025/9/11	high
137823	Slackware 14.2 / current : libjpeg-turbo (SSA:2020-176-02)	Nessus	Slackware Local Security Checks	2020/6/25	2024/3/5	high
140447	SUSE SLED15 / SLES15 Security Update : libjpeg-turbo (SUSE-SU-2020:2569-1)	Nessus	SuSE Local Security Checks	2020/9/9	2024/2/21	high
140448	SUSE SLES12 Security Update : libjpeg-turbo (SUSE-SU-2020:2570-1)	Nessus	SuSE Local Security Checks	2020/9/9	2024/2/21	high
140686	openSUSE Security Update : libjpeg-turbo (openSUSE-2020-1458)	Nessus	SuSE Local Security Checks	2020/9/21	2024/2/20	high
140893	EulerOS 2.0 SP3 : libjpeg-turbo (EulerOS-SA-2020-2126)	Nessus	Huawei Local Security Checks	2020/9/28	2024/2/19	high
142946	FreeBSD : libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function. (23a667c7-0b28-11eb-8834-00155d01f202)	Nessus	FreeBSD Local Security Checks	2020/11/17	2024/2/8	high
275918	TencentOS Server 3: libjpeg-turbo (TSSA-2025:0444)	Nessus	Tencent Local Security Checks	2025/11/20	2025/11/20	high

检测

插件搜索

high

high

high

high

high

high

high

high

high