Package "libjpeg-turbo"
Name: |
libjpeg-turbo
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- IJG JPEG compliant runtime library.
- Debugging symbols for the libjpeg-turbo library
- Development files for the IJG JPEG library
|
Latest version: |
1.5.2-0ubuntu5.18.04.6 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
main |
Links
Other versions of "libjpeg-turbo" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
libjpeg-turbo (1.5.2-0ubuntu5.18.04.6) bionic-security; urgency=medium
* SECURITY UPDATE: large loop because read_pixel mishandles EOF
- debian/patches/CVE-2018-11813.patch: fix read handling in rdtarga.c.
- CVE-2018-11813
* SECURITY UPDATE: stack-based buffer overflow in the "transform"
component
- debian/patches/CVE-2020-17541.patch: fix very rare local buffer
overrun in jchuff.c.
- CVE-2020-17541
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2020-35538-pre1.patch: fix jpeg_skip_scanlines()
segfault w/merged upsamp in jdapistd.c.
- debian/patches/CVE-2020-35538.patch: fix jpeg_skip_scanlines()
segfault w/merged upsamp in jdapistd.c, jdmerge.c, jdmerge.h,
jdmrg565.c, jdmrgext.c.
- debian/patches/CVE-2020-35538-2.patch: further jpeg_skip_scanlines()
fixes in CMakeLists.txt, croptest.in, jdapistd.c.
- CVE-2020-35538
-- Marc Deslauriers <email address hidden> Wed, 21 Sep 2022 14:07:11 -0400
|
Source diff to previous version |
CVE-2018-11813 |
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. |
CVE-2020-17541 |
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the se |
CVE-2020-35538 |
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. |
|
libjpeg-turbo (1.5.2-0ubuntu5.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer over-read
- debian/patches/CVE-2020-13790.patch: fix buf overrun caused
by bad binary PPM in rdppm.c.
- CVE-2020-13790
-- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jun 2020 13:24:18 -0300
|
Source diff to previous version |
CVE-2020-13790 |
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. |
|
libjpeg-turbo (1.5.2-0ubuntu5.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14498.patch: Fix OOB read
caused by malformed 8-bit BMP in cderror.h, rdbmp.c, rdppm.c.
- CVE-2018-14498
* SECURITY UPDATE: Several integer overflow and subsequent
segfaults
- debian/patches/CVE-2019-2201.patch: properly handled
gigapixel images in java/TJBench.java, tjbench.c,
turbojpeg.c.
- CVE-2019-2201
-- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Nov 2019 10:09:57 -0300
|
Source diff to previous version |
CVE-2018-14498 |
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer ov |
|
libjpeg-turbo (1.5.2-0ubuntu5.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference via JPEG image
- debian/patches/CVE-2017-15232-1.patch: exit gracefully with non-PPM
formats in djpeg.1, djpeg.c.
- debian/patches/CVE-2017-15232-2.patch: add further partial image
decompression fixes in cdjpeg.h, djpeg.1, djpeg.c, jdapistd.c,
wrbmp.c, wrgif.c, wrppm.c, wrppm.h, wrrle.c, wrtarga.c.
- CVE-2017-15232
* SECURITY UPDATE: division by zero via BMP image
- debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
- CVE-2018-1152
-- Marc Deslauriers <email address hidden> Thu, 05 Jul 2018 15:18:48 -0400
|
CVE-2017-15232 |
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. |
CVE-2018-1152 |
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. |
|
About
-
Send Feedback to @ubuntu_updates