MDVSA-2012:121
- Package name
- libjpeg-turbo
- Date
- 2012-08-01
- Advisory ID
- MDVSA-2012:121
- Affected versions
- 2011 i586 , 2011 x86_64
Problem description
A vulnerability has been discovered and corrected in libjpeg-turbo:
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component
count was erroneously set to a large value. An attacker could create
a specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).
The updated packages have been patched to correct this issue.
Updated packages
2011 i586
22126edfc4b866b219f44ba286d7bec7 2011/i586/jpeg-progs-1.1.1-1.1-mdv2011.0.i586.rpm 983947719c5d2d72affaa12d7a212673 2011/i586/libjpeg62-1.1.1-1.1-mdv2011.0.i586.rpm 855f23b907f2f2a20ec582668802af3b 2011/i586/libjpeg8-1.1.1-1.1-mdv2011.0.i586.rpm 3713a686dd32c348b04f489b687671e0 2011/i586/libjpeg-devel-1.1.1-1.1-mdv2011.0.i586.rpm af33ccf8296bd218d364b5557c1284a9 2011/i586/libjpeg-static-devel-1.1.1-1.1-mdv2011.0.i586.rpm ec0ff59b860f30b96311e76e06c7e57f 2011/SRPMS/libjpeg-turbo-1.1.1-1.1.src.rpm
2011 x86_64
ffa20228c1de0d40df4ecab727c8826f 2011/x86_64/jpeg-progs-1.1.1-1.1-mdv2011.0.x86_64.rpm 3d9e34e8e4250f9aa3a940d05b139acf 2011/x86_64/lib64jpeg62-1.1.1-1.1-mdv2011.0.x86_64.rpm eb25c0134c64bc23e92fff9b532c30ad 2011/x86_64/lib64jpeg8-1.1.1-1.1-mdv2011.0.x86_64.rpm 0ccc1fefcf0320c387de3b6ab73ae91c 2011/x86_64/lib64jpeg-devel-1.1.1-1.1-mdv2011.0.x86_64.rpm f08cddd88a7eff5fe3bee4d5066ed605 2011/x86_64/lib64jpeg-static-devel-1.1.1-1.1-mdv2011.0.x86_64.rpm ec0ff59b860f30b96311e76e06c7e57f 2011/SRPMS/libjpeg-turbo-1.1.1-1.1.src.rpm