CVE-2020-17541: 
NixOS vulnerability analysis and mitigation

CVE-2020-17541 is a stack-based buffer overflow vulnerability affecting all versions of Libjpeg-turbo in the "transform" component. The vulnerability was disclosed on June 1, 2021. This security flaw affects the image processing library that is commonly used in various software applications for handling JPEG files (NVD, Ubuntu).

The vulnerability is characterized as a stack-based buffer overflow in the transform component of Libjpeg-turbo. It received a CVSS v3.1 base score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue specifically occurs in the encodeoneblock function within the library's processing chain, which can be triggered when handling malformed JPEG files (NVD, Github Issue).

When exploited, this vulnerability can lead to arbitrary code execution or denial of service of the target service. An attacker who successfully exploits this vulnerability could potentially execute unauthorized code with the privileges of the application using the affected library, or cause the application to crash (NVD, Ubuntu Security).

The vulnerability has been fixed in various distribution releases. Ubuntu has released patches for multiple versions: Ubuntu 16.04 ESM (1.4.2-0ubuntu3.4+esm1), Ubuntu 14.04 ESM (1.3.0-0ubuntu2.1+esm2), and Ubuntu 20.04 LTS (2.0.3-0ubuntu1.20.04.3). Users are advised to update their systems to the patched versions (Ubuntu Security).