CVE Vulnerabilities

CVE-2022-34999

Incorrect Comparison

Published: Aug 16, 2022 | Modified: Nov 21, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl.

Weakness

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Affected Software

Name Vendor Start Version End Version
Jpegdec Bitbanksoftware 1.2.7 (including) 1.2.7 (including)

Extended Description

This Pillar covers several possibilities:

References