Bug #9426

libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813)

Added by Alicha CH 8 months ago. Updated 8 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version: -
Start date: 09/20/2018
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c
via a crafted JPEG file.

References:

https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
https://nvd.nist.gov/vuln/detail/CVE-2017-15232

CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of service caused by
a divide by zero when processing a crafted BMP image.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-1152

Patch:

https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6

CVE-2018-11813: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF

Reference:

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/242

Patch:

https://github.com/libjpeg-turbo/libjpeg-turbo/commit/19074854d9d8bc32dff3ed252eed17ed6cc2ecfc


Subtasks

Bug #9427: [3.9] libjpeg-turbo: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813) - Closed - Natanael Copa

Bug #9428: [3.8] libjpeg-turbo: Multiple vulnerabilities (CVE-2018-1152, CVE-2018-11813) - Closed - Natanael Copa

Bug #9429: [3.7] libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813) - Closed - Natanael Copa

Bug #9430: [3.6] libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813) - Closed - Natanael Copa

Bug #9431: [3.5] libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813) - Closed - Natanael Copa

History

#1 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed
  • Security IDs deleted (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813)
