Bug 1200720 (CVE-2021-46822)

Summary: VUL-0: CVE-2021-46822: jpeg,libjpeg-turbo,libjpeg62-turbo: Heap buffer overflow in get_word_rgb_row in rdppm.c
Product: [Novell Products] SUSE Security Incidents
Reporter: Hu <cathy.hu>
Component: Incidents
Assignee: package coldpool <coldpool>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/335109/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Hu 2022-06-20 14:58:21 UTC
CVE-2021-46822

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for
loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit
binary PGM file into an RGB buffer. This is related to a heap-based buffer
overflow in the get_word_rgb_row function in rdppm.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46822
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822
https://exchange.xforce.ibmcloud.com/vulnerabilities/221567
Comment 1 Hu 2022-06-20 14:59:52 UTC
Not Affected (the patch applies, but tjLoadImage does not exist):
- SUSE:SLE-11:Update/jpeg                 6b
- SUSE:SLE-12:Update/libjpeg-turbo        1.5.3
- SUSE:SLE-12:Update/libjpeg62-turbo      1.5.3
- SUSE:SLE-15:Update/libjpeg-turbo        1.5.3
- SUSE:SLE-15:Update/libjpeg62-turbo      1.5.3

Not affected (Already fixed):
- SUSE:SLE-15-SP4:Update/libjpeg-turbo    2.1.1
- SUSE:SLE-15-SP4:Update/libjpeg62-turbo  2.1.1
- openSUSE:Factory/libjpeg-turbo          2.1.3
- openSUSE:Factory/libjpeg62-turbo        2.1.3