[arch-security] [Arch Linux Security Advisory ASA-201411-33] libjpeg-turbo: denial of service
rgacogne at archlinux.org
Fri Nov 28 09:02:55 UTC 2014
Arch Linux Security Advisory ASA-201411-33
Date : 2014-11-28
CVE-ID : CVE-2014-9092
Package : libjpeg-turbo
Type : denial of service
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE-2014
The package libjpeg-turbo before version 1.3.1-3 is vulnerable to denial
Upgrade to 1.3.1-3.
# pacman -Syu "libjpeg-turbo>=1.3.1-3"
The problem has been fixed upstream but a new version has not been
Special crafted jpeg files lead to stack smashing and lead to at least
a dos (maybe remote due to imagick).
The Huffman encoder's local buffer can be overrun when a buffered
destination manager is being used and an extremely-high-frequency block
(basically junk image data) is being encoded.
Even though the Huffman local buffer was increased from 128 bytes to 136
bytes to address the previous issue, the new issue caused even the
larger buffer to be overrun. Further analysis reveals that, in the
absolute worst case (such as setting alternating AC coefficients to
32767 and -32768 in the JPEG scanning order), the Huffman encoder can
produce encoded blocks that approach double the size of the unencoded
blocks. Thus, the Huffman local buffer was increased to 256 bytes, which
should prevent any such issue from re-occurring in the future.
An attacker can cause a denial of service or other unspecified impact by
supplying a specially crafted JPEG file.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security