(CVE-2012-2806) libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images
Bug #1025537 reported by
Karma Dorje
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libjpeg-turbo (Fedora) |
Unknown
|
Unknown
|
|||
libjpeg-turbo (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.
References:
https:/
http://
This issue has been assigned CVE-2012-2806.
Upstream release of libjpeg-turbo-1.2.1 resolves this issue.
Related branches
CVE References
visibility: | private → public |
To post a comment you must log in.
I've had 1.2.1 ready to go for some time and have been trying to get someone to sponsor an upload for both p and q.
ppa:tom- gall/packages
or
ppa:linaro- maintainers/ overlay
As currently packaged they don't mention the (now public knowledge) issue documented here. I'll update that this evening, refresh and update this bug.