GLSA Advocate
Posted: Sun Jun 05, 2016 8:26 pm Post subject: [ GLSA 201606-03 ] libjpeg-turbo
Gentoo Linux Security Advisory
Title: libjpeg-turbo: Multiple vulnerabilities (GLSA 201606-03)
Severity: normal
Exploitable: remote
Date: June 05, 2016
Bug(s): #491150, #531418
ID: 201606-03
Synopsis
Two vulnerabilities have been discovered in libjpeg-turbo, the
worse of which could allow remote attackers access to sensitive
information.
Background
libjpeg-turbo is an MMX, SSE, and SSE2 SIMD accelerated JPEG library.
Affected Packages
Package: media-libs/libjpeg-turbo
Vulnerable: < 1.4.2
Unaffected: >= 1.4.2
Architectures: All supported architectures
Description
libjpeg-turbo does not check for certain duplications of component data
during the reading of segments that follow Start Of Scan (SOS) JPEG
markers.
Impact
Remote attackers could obtain sensitive information from uninitialized
memory locations via a crafted JPEG image.
Workaround
There is no known workaround at this time.
Resolution
All libjpeg-turbo users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-1.4.2"
References
CVE-2013-6629
CVE-2013-6630
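The Description above concerns duplicated component data in segments that follow SOS markers. The following triage check is an added example, not code from Gentoo or libjpeg-turbo: it walks a file's JPEG markers and reports any SOS header that lists the same component selector more than once. It assumes that "duplication" means a repeated selector within one scan header; the function name and the sample byte strings are constructed for illustration.

```python
import struct

SOS = 0xDA
# Markers without a length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def sos_duplicate_components(data: bytes):
    """Return (offset, selectors) for every SOS header that repeats a selector."""
    findings = []
    i, n = 0, len(data)
    while i + 1 < n:
        if data[i] != 0xFF:
            i += 1                      # entropy-coded data or junk
            continue
        marker = data[i + 1]
        if marker == 0x00:              # stuffed 0xFF inside scan data
            i += 2
            continue
        if marker == 0xFF:              # fill byte before a marker
            i += 1
            continue
        if marker in STANDALONE:
            i += 2
            continue
        if i + 4 > n:
            break                       # truncated length field
        (length,) = struct.unpack_from(">H", data, i + 2)
        end = i + 2 + length
        if length < 2 or end > n:
            break                       # malformed or truncated segment
        if marker == SOS and length >= 3:
            ns = data[i + 4]
            # Each component entry is 2 bytes: selector, then table ids.
            selectors = list(data[i + 5 : min(i + 5 + 2 * ns, end) : 2])
            if len(set(selectors)) != len(selectors):
                findings.append((i, selectors))
        i = end
    return findings

def _sos(selectors):
    """Build a constructed SOS header (sample data, not a decodable image)."""
    body = bytes([len(selectors)]) + b"".join(bytes([s, 0x00]) for s in selectors)
    body += b"\x00\x3f\x00"             # Ss, Se, Ah/Al
    return b"\xff\xda" + struct.pack(">H", len(body) + 2) + body

CLEAN = b"\xff\xd8" + _sos([1, 2, 3]) + b"\x12\xff\x00\x34" + b"\xff\xd9"
SUSPECT = b"\xff\xd8" + _sos([1, 2, 3]) + b"\x12\x34" + _sos([1, 1, 2]) + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("CLEAN", CLEAN), ("SUSPECT", SUSPECT)):
        print(name, sos_duplicate_components(blob))
```

A hit is a reason to quarantine the file for inspection on hosts still running a version below 1.4.2; it does not replace the upgrade.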