*** This bug is a security vulnerability ***

Public security bug reported:

A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=826849
http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830

This issue has been assigned CVE-2012-2806.

Upstream release of libjpeg-turbo-1.2.1 resolves this issue.

** Affects: libjpeg-turbo (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: libjpeg-turbo (Fedora)
   Importance: Unknown
   Status: Unknown

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2806

** Bug watch added: Red Hat Bugzilla #826849
   https://bugzilla.redhat.com/show_bug.cgi?id=826849

** Also affects: libjpeg-turbo (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=826849
   Importance: Unknown
   Status: Unknown

** Visibility changed to: Public

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1025537

Title:
  (CVE-2012-2806) libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1025537/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
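
Added example, not part of the bug report and not libjpeg-turbo code: a pre-decode check in C that walks the JPEG markers to the first SOFn segment and refuses files whose frame component count is implausible. It assumes the "component count" in the report is the frame header's Nf field; the limit of 4, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ALLOWED_COMPONENTS 4  /* assumed policy limit, not a libjpeg-turbo constant */

/* Constructed headers: SOI + SOF0 with Nf=3, and SOI + COM + SOF0 with Nf=200. */
static const uint8_t SAMPLE_OK[] = {0xFF,0xD8, 0xFF,0xC0,0x00,0x11, 0x08,0x00,0x10,0x00,0x10,
    0x03, 0x01,0x11,0x00, 0x02,0x11,0x01, 0x03,0x11,0x01};
static const uint8_t SAMPLE_BAD[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'A','B',
    0xFF,0xC0,0x00,0x11, 0x08,0x00,0x10,0x00,0x10, 0xC8, 1,0x11,0, 2,0x11,1, 3,0x11,1};

/* Return Nf from the first SOFn segment, or -1 if none is found or the data is malformed. */
int jpeg_frame_components(const uint8_t *buf, size_t len)
{
    size_t pos = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return -1;   /* no SOI */
    while (pos + 4 <= len) {
        uint8_t m = buf[pos + 1];
        if (buf[pos] != 0xFF) return -1;                          /* not at a marker */
        if (m == 0xFF) { pos++; continue; }                       /* fill byte */
        if (m == 0xD9 || m == 0xDA) return -1;                    /* EOI/SOS before any SOF */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) { pos += 2; continue; } /* no length */
        size_t seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2 || seglen > len - pos - 2) return -1;      /* runs past the buffer */
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            /* SOFn body: precision(1) height(2) width(2) Nf(1), then 3 bytes per component */
            if (seglen < 8) return -1;
            return buf[pos + 9];
        }
        pos += 2 + seglen;                                        /* skip to next marker */
    }
    return -1;
}

/* 1 = refuse to hand the file to the decoder, 0 = pass it on. */
int jpeg_should_reject(const uint8_t *buf, size_t len)
{
    int nf = jpeg_frame_components(buf, len);
    return nf < 1 || nf > MAX_ALLOWED_COMPONENTS;
}

int main(void)
{
    printf("ok:  Nf=%d reject=%d\n", jpeg_frame_components(SAMPLE_OK, sizeof SAMPLE_OK),
           jpeg_should_reject(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("bad: Nf=%d reject=%d\n", jpeg_frame_components(SAMPLE_BAD, sizeof SAMPLE_BAD),
           jpeg_should_reject(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

A filter like this only narrows what reaches an unpatched decoder; the upstream release named in the report is the fix.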
