MGASA-2019-0132
- Source
- https://advisories.mageia.org/MGASA-2019-0132.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0132.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2019-0132
- Related
- Published
- 2019-04-05T18:12:59Z
- Modified
- 2019-04-05T17:37:26Z
- Summary
- Updated libjpeg packages fix security vulnerability
- Details
-
get8bitrow in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498)
- References
-
- https://advisories.mageia.org/MGASA-2019-0132.html
- https://bugs.mageia.org/show_bug.cgi?id=24565
- http://lists.suse.com/pipermail/sle-security-updates/2019-March/005227.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / libjpeg
Package
- Name
- libjpeg
- Purl
- pkg:rpm/mageia/libjpeg?distro=mageia-6