Skip to content

Commit

Permalink
libjpeg is not used (#2588) (#2589)
Browse files Browse the repository at this point in the history
(cherry picked from commit b608de5)

Co-authored-by: Matthew Leibowitz <mattleibow@live.com>
  • Loading branch information
github-actions[bot] and mattleibow authored Aug 28, 2023
1 parent 74b161e commit e9612b4
Showing 1 changed file with 38 additions and 0 deletions.
38 changes: 38 additions & 0 deletions scripts/guardian/cve-triage.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,44 @@
"specVersion": "1.4",
"version": 1,
"vulnerabilities": [
{
"id": "CVE-2020-14152",
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14152"
},
"ratings": [
{
"source": {
"name": "NVD",
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2020-14152&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H&version=3.1"
},
"score": 7.1,
"severity": "high",
"method": "CVSSv31",
"vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"
}
],
"description": "In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.",
"recommendation": "",
"advisories": [],
"created": "NOT_KNOWN",
"published": "NOT_KNOWN",
"updated": "",
"analysis": {
"state": "not_affected",
"justification": "code_not_present",
"response": [
"will_not_fix"
],
"detail": "libjpeg is not used and the real dependency is libjpeg-turbo which never had this issue: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/500#issuecomment-772625597."
},
"affects": [
{
"ref": "urn:cbt:1/icu-project#international_components_for_unicode-1.8.1"
}
]
},
{
"id": "CVE-2007-4770",
"source": {
Expand Down

0 comments on commit e9612b4

Please sign in to comment.