ALT-PU-2019-1611-1
Package libjpeg-turbo updated to version 1.5.3-alt1 for branch sisyphus in task 226932.
Closed vulnerabilities
Published: 2017-07-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-9614
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://packetstormsecurity.com/files/143518/libjpeg-turbo-1.5.1-Denial-Of-Service.html
- http://packetstormsecurity.com/files/143518/libjpeg-turbo-1.5.1-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2017/Jul/66
- http://seclists.org/fulldisclosure/2017/Jul/66
- 20170726 libjpeg-turbo denial of service vulnerability
- 20170726 libjpeg-turbo denial of service vulnerability
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
- 42391
- 42391