Date: Tue, 17 Jul 2012 10:20:22 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images Hi all, We were made aware of a flaw in libjpeg-turbo by Chris Evans of Google security team. Details as follows: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. References: https://bugzilla.redhat.com/show_bug.cgi?id=826849 http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 This issue has been assigned CVE-2012-2806. Upstream release of libjpeg-turbo-1.2.1 resolves this issue. -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ