Package "libturbojpeg"
Links
Download "libturbojpeg"
Other versions of "libturbojpeg" in Trusty
Changelog
libjpeg-turbo (1.3.0-0ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via JPEG file
- debian/patches/CVE-2014-9092.patch: adjust size in jchuff.c.
- CVE-2014-9092
* SECURITY UPDATE: denial of service via crafted file
- debian/patches/CVE-2016-3616.patch: check range of integer values in
PPM text file in cderror.h, rdppm.c.
- CVE-2016-3616
- CVE-2018-11213
- CVE-2018-11214
* SECURITY UPDATE: divide-by-zero via crafted file
- debian/patches/CVE-2018-11212.patch: check image size in rdtarga.c.
- CVE-2018-11212
* SECURITY UPDATE: division by zero via BMP image
- debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
- CVE-2018-1152
-- Marc Deslauriers <email address hidden> Thu, 05 Jul 2018 15:55:15 -0400
|
CVE-2014-9092 |
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. |
CVE-2016-3616 |
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitra |
CVE-2018-11213 |
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation f |
CVE-2018-11214 |
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fa |
CVE-2018-11212 |
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero er |
CVE-2018-1152 |
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. |
|
About
-
Send Feedback to @ubuntu_updates