[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images
From: Huzaifa Sidhpurwala <huzaifas () redhat ! com>
Date: 2012-07-17 4:59:39
Message-ID: 5004EF0E.50009 () redhat ! com
[Download RAW message or body]
Hi all,
We were made aware of a flaw in libjpeg-turbo by Chris Evans of Google
security team. Details as follows:
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=826849
http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
This issue has been assigned CVE-2012-2806.
Upstream release of libjpeg-turbo-1.2.1 resolves this issue.
--
Huzaifa Sidhpurwala / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic