Nom du paquet
libjpeg
Date
2013-04-05
Advisory ID
MDVSA-2013:044
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in libjpeg:

A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component
count was erroneously set to a large value. An attacker could create
a specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-2806).

The updated packages have been patched to correct this issue.

Updated packages

MBS1 x86_64

 9bed5ff5daf1cfd228bb2e18d76e63d3  mbs1/x86_64/jpeg-progs-1.2.0-5.1.mbs1.x86_64.rpm
 fd65f7fadf3744257981ec46b8a489c0  mbs1/x86_64/lib64jpeg62-1.2.0-5.1.mbs1.x86_64.rpm
 1e89f53baed1229ebc8aff6103e1e837  mbs1/x86_64/lib64jpeg8-1.2.0-5.1.mbs1.x86_64.rpm
 fe26cbd19e19e4cfc64e8dffa6f75ac0  mbs1/x86_64/lib64jpeg-devel-1.2.0-5.1.mbs1.x86_64.rpm
 6adaac0c89f9dfe5dda706428d788c64  mbs1/x86_64/lib64jpeg-static-devel-1.2.0-5.1.mbs1.x86_64.rpm 
 930a2ca4bb8f80c39e8ffb6232a1c34f  mbs1/SRPMS/libjpeg-1.2.0-5.1.mbs1.src.rpm

References