Package name
Advisory ID
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in libjpeg:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component
count was erroneously set to a large value. An attacker could create
a specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary
code with the privileges of the user running the application

The updated packages have been patched to correct this issue.

Updated packages

MBS1 x86_64

 9bed5ff5daf1cfd228bb2e18d76e63d3  mbs1/x86_64/jpeg-progs-1.2.0-5.1.mbs1.x86_64.rpm
 fd65f7fadf3744257981ec46b8a489c0  mbs1/x86_64/lib64jpeg62-1.2.0-5.1.mbs1.x86_64.rpm
 1e89f53baed1229ebc8aff6103e1e837  mbs1/x86_64/lib64jpeg8-1.2.0-5.1.mbs1.x86_64.rpm
 fe26cbd19e19e4cfc64e8dffa6f75ac0  mbs1/x86_64/lib64jpeg-devel-1.2.0-5.1.mbs1.x86_64.rpm
 6adaac0c89f9dfe5dda706428d788c64  mbs1/x86_64/lib64jpeg-static-devel-1.2.0-5.1.mbs1.x86_64.rpm 
 930a2ca4bb8f80c39e8ffb6232a1c34f  mbs1/SRPMS/libjpeg-1.2.0-5.1.mbs1.src.rpm