Date: Tue, 17 Jul 2012 10:20:22 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images Hi all, We were made aware of a flaw in libjpeg-turbo by Chris Evans of Google security team. Details as follows: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. References: https://bugzilla.redhat.com/show_bug.cgi?id=826849 http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 This issue has been assigned CVE-2012-2806. Upstream release of libjpeg-turbo-1.2.1 resolves this issue. -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.