CVE-2021-46822: 
NixOS vulnerability analysis and mitigation

The PPM reader in libjpeg-turbo through version 2.0.90 contains a vulnerability related to the mishandling of tjLoadImage function when loading 16-bit binary PPM files into grayscale buffers and 16-bit binary PGM files into RGB buffers. This issue is specifically connected to a heap-based buffer overflow in the getwordrgb_row function in rdppm.c (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue specifically occurs in versions after 1.5.3 up to and including 2.0.90, affecting implementations that include the tjLoadImage function. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD, Ubuntu).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. When exploited, it can lead to a heap-based buffer overflow condition, potentially causing application crashes or denial of service (NVD).

The issue has been fixed in subsequent releases of libjpeg-turbo. A patch was implemented through commit f35fd27, which makes the PPM reader throw an error rather than segfaulting when attempting to load a 16-bit PPM file into a grayscale buffer. For affected systems, updating to the latest version of libjpeg-turbo is recommended (Github Patch).