[Security] libjpeg-turbo used in this project is vulnerable
Crispy-fried-chicken opened this issue · comments
Yiheng Cao commented
CVE-2021-46822 is a security vulnerability in libjpeg-turbo, which is used in this project. The root cause of this CVE is heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
Would you can help to check if this bug is true? If it's true, you can easily fix this vulnerability by applying this patch. Of course, I'd like to open a PR for that if necessary. Thank you for your effort and patience!