UbuntuUpdates.org

Package "libjpeg-turbo"

Name: libjpeg-turbo

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • IJG JPEG compliant runtime library.
  • Debugging symbols for the libjpeg-turbo library
  • Development files for the IJG JPEG library
Latest version: 1.3.0-0ubuntu2.1
Release: trusty (14.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libjpeg-turbo" in Trusty

Repository Area Version
base main 1.3.0-0ubuntu2
security main 1.3.0-0ubuntu2.1
security universe 1.3.0-0ubuntu2.1
updates universe 1.3.0-0ubuntu2.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.0-0ubuntu2.1 2018-07-09 19:07:01 UTC

  libjpeg-turbo (1.3.0-0ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via JPEG file
    - debian/patches/CVE-2014-9092.patch: adjust size in jchuff.c.
    - CVE-2014-9092
  * SECURITY UPDATE: denial of service via crafted file
    - debian/patches/CVE-2016-3616.patch: check range of integer values in
      PPM text file in cderror.h, rdppm.c.
    - CVE-2016-3616
    - CVE-2018-11213
    - CVE-2018-11214
  * SECURITY UPDATE: divide-by-zero via crafted file
    - debian/patches/CVE-2018-11212.patch: check image size in rdtarga.c.
    - CVE-2018-11212
  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

 -- Marc Deslauriers <email address hidden> Thu, 05 Jul 2018 15:55:15 -0400
CVE-2014-9092 libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitra
CVE-2018-11213 An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation f
CVE-2018-11214 An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fa
CVE-2018-11212 An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero er
CVE-2018-1152 libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.


About   -   Send Feedback to @ubuntu_updates