MGASA-2018-0327
- Source
- https://advisories.mageia.org/MGASA-2018-0327.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0327.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2018-0327
- Related
- Published
- 2018-08-10T14:37:39Z
- Modified
- 2018-08-10T14:13:38Z
- Summary
- Updated libjpeg packages fix security vulnerabilities
- Details
-
Updated libjpeg package fixes security vulnerabilities:
It was found that libjpeg is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image (CVE-2018-1152).
It was found that libjpeg had a defect where, due to a mishandled EOF, a specially crafted malformed input file (specifically a file with a valid Targa header but incomplete pixel data) would cause cjpeg to generate a file that was potentially thousands of times larger than the input file (CVE-2018-11813).
- References
-
- https://advisories.mageia.org/MGASA-2018-0327.html
- https://bugs.mageia.org/show_bug.cgi?id=23238
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3CDV3ULRXQEMV7OHCB5MSITEIVOI5EPN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHRJSPZHPTSJWFXG5YW7OD4MM4WAPXFF/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / libjpeg
Package
- Name
- libjpeg
- Purl
- pkg:rpm/mageia/libjpeg?distro=mageia-6