Arch Linux Security Advisory ASA-201411-33 ========================================== Severity: Medium Date : 2014-11-28 CVE-ID : CVE-2014-9092 Package : libjpeg-turbo Type : denial of service Remote : No Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ======= The package libjpeg-turbo before version 1.3.1-3 is vulnerable to denial of service. Resolution ========== Upgrade to 1.3.1-3. # pacman -Syu "libjpeg-turbo>=1.3.1-3" The problem has been fixed upstream but a new version has not been released yet. Workaround ========== None. Description =========== Special crafted jpeg files lead to stack smashing and lead to at least a dos (maybe remote due to imagick). The Huffman encoder's local buffer can be overrun when a buffered destination manager is being used and an extremely-high-frequency block (basically junk image data) is being encoded. Even though the Huffman local buffer was increased from 128 bytes to 136 bytes to address the previous issue, the new issue caused even the larger buffer to be overrun. Further analysis reveals that, in the absolute worst case (such as setting alternating AC coefficients to 32767 and -32768 in the JPEG scanning order), the Huffman encoder can produce encoded blocks that approach double the size of the unencoded blocks. Thus, the Huffman local buffer was increased to 256 bytes, which should prevent any such issue from re-occurring in the future. Impact ====== An attacker can cause a denial of service or other unspecified impact by supplying a specially crafted JPEG file. References ========== http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9092 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369 http://sourceforge.net/p/libjpeg-turbo/code/1427/ https://bugs.archlinux.org/task/42922