libjpeg-turbo-devel (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package libjpeg-turbo-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2021-29390 — CVSS 7.1 (high): libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.
CVE-2021-46822 — CVSS 5.5 (medium): The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer…