UbuntuUpdates.org

Package "libturbojpeg"

Name: libturbojpeg

Description:

IJG JPEG compliant runtime library.

Latest version: 1.3.0-0ubuntu2.1
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: libjpeg-turbo
Homepage: http://libjpeg-turbo.virtualgl.org/

Links


Download "libturbojpeg"


Other versions of "libturbojpeg" in Trusty

Repository Area Version
base universe 1.3.0-0ubuntu2
security universe 1.3.0-0ubuntu2.1

Changelog

Version: 1.3.0-0ubuntu2.1 2018-07-09 19:07:02 UTC

  libjpeg-turbo (1.3.0-0ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via JPEG file
    - debian/patches/CVE-2014-9092.patch: adjust size in jchuff.c.
    - CVE-2014-9092
  * SECURITY UPDATE: denial of service via crafted file
    - debian/patches/CVE-2016-3616.patch: check range of integer values in
      PPM text file in cderror.h, rdppm.c.
    - CVE-2016-3616
    - CVE-2018-11213
    - CVE-2018-11214
  * SECURITY UPDATE: divide-by-zero via crafted file
    - debian/patches/CVE-2018-11212.patch: check image size in rdtarga.c.
    - CVE-2018-11212
  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

 -- Marc Deslauriers <email address hidden> Thu, 05 Jul 2018 15:55:15 -0400

CVE-2014-9092 libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitra
CVE-2018-11213 An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation f
CVE-2018-11214 An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fa
CVE-2018-11212 An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero er
CVE-2018-1152 libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.



About   -   Send Feedback to @ubuntu_updates