Bug #9428

Bug #9426: libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813)

[3.8] libjpeg-turbo: Multiple vulnerabilities (CVE-2018-1152, CVE-2018-11813)

Added by Alicha CH 4 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 09/20/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-1152

Patch:

https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6

CVE-2018-11813: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF

Reference:

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/242

Patch:

https://github.com/libjpeg-turbo/libjpeg-turbo/commit/19074854d9d8bc32dff3ed252eed17ed6cc2ecfc

Associated revisions

Revision 61e65acf (diff)
Added by Natanael Copa 4 months ago

main/libjpeg-turbo: backport security fix (CVE-2018-11813)

fixes #9428

History

#1 Updated by Alicha CH 4 months ago

  • Subject changed from [3.8] libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813) to [3.8] libjpeg-turbo: Multiple vulnerabilities (CVE-2018-1152, CVE-2018-11813)

#2 Updated by Natanael Copa 4 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 4 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-1152, CVE-2018-11813)
