ALT-PU-2019-1631-1
Package libjpeg-turbo updated to version 2.0.2-alt1 for branch sisyphus in task 226996.
Closed vulnerabilities
Published: 2014-03-12
BDU:2021-01309
Уязвимость функции get_8bit_row (rdbmp.c) библиотеки программ libjpeg, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2019-03-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-14498
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:1118
- openSUSE-SU-2019:1118
- openSUSE-SU-2019:1343
- openSUSE-SU-2019:1343
- RHSA-2019:2052
- RHSA-2019:2052
- RHSA-2019:3705
- RHSA-2019:3705
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
- https://github.com/mozilla/mozjpeg/issues/299
- https://github.com/mozilla/mozjpeg/issues/299
- [debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update
- [debian-lts-announce] 20190318 [SECURITY] [DLA 1719-1] libjpeg-turbo security update
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
- FEDORA-2019-87e2fa8e0f
- FEDORA-2019-87e2fa8e0f
- USN-4190-1
- USN-4190-1