UbuntuUpdates.org

Package "libjpeg-turbo"

Name: libjpeg-turbo

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • IJG JPEG compliant runtime library.
  • Debugging symbols for the libjpeg-turbo library
  • Development files for the IJG JPEG library

Latest version: 1.5.2-0ubuntu5.18.04.3
Release: bionic (18.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "libjpeg-turbo": https://www.ubuntuupdates.org/libjpeg-turbo



Other versions of "libjpeg-turbo" in Bionic

Repository Area Version
base main 1.5.2-0ubuntu5
base universe 1.5.2-0ubuntu5
security main 1.5.2-0ubuntu5.18.04.3
security universe 1.5.2-0ubuntu5.18.04.3
updates universe 1.5.2-0ubuntu5.18.04.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.2-0ubuntu5.18.04.3 2019-11-13 16:07:13 UTC

  libjpeg-turbo (1.5.2-0ubuntu5.18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14498.patch: Fix OOB read
      caused by malformed 8-bit BMP in cderror.h, rdbmp.c, rdppm.c.
    - CVE-2018-14498
  * SECURITY UPDATE: Several integer overflow and subsequent
    segfaults
    - debian/patches/CVE-2019-2201.patch: properly handled
      gigapixel images in java/TJBench.java, tjbench.c,
      turbojpeg.c.
    - CVE-2019-2201

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Nov 2019 10:09:57 -0300

Source diff to previous version
CVE-2018-14498 get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer ov

Version: 1.5.2-0ubuntu5.18.04.1 2018-07-09 19:07:08 UTC

  libjpeg-turbo (1.5.2-0ubuntu5.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference via JPEG image
    - debian/patches/CVE-2017-15232-1.patch: exit gracefully with non-PPM
      formats in djpeg.1, djpeg.c.
    - debian/patches/CVE-2017-15232-2.patch: add further partial image
      decompression fixes in cdjpeg.h, djpeg.1, djpeg.c, jdapistd.c,
      wrbmp.c, wrgif.c, wrppm.c, wrppm.h, wrrle.c, wrtarga.c.
    - CVE-2017-15232
  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

 -- Marc Deslauriers <email address hidden> Thu, 05 Jul 2018 15:18:48 -0400

CVE-2017-15232 libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
CVE-2018-1152 libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.



About   -   Send Feedback to @ubuntu_updates