mailing list archives
libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Tue, 17 Jul 2012 10:20:22 +0530
We were made aware of a flaw in libjpeg-turbo by Chris Evans of Google
security team. Details as follows:
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.
This issue has been assigned CVE-2012-2806.
Upstream release of libjpeg-turbo-1.2.1 resolves this issue.
Huzaifa Sidhpurwala / Red Hat Security Response Team
- libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images Huzaifa Sidhpurwala (Jul 17)