
Bug 426938 (CVE-2012-2806)

Summary: <media-libs/libjpeg-turbo-1.2.1: Heap-based buffer overflow when decompressing corrupt JPEG images (CVE-2012-2806)
Product: Gentoo Security
Reporter: taaroa <taaroa>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=826849
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description taaroa 2012-07-17 05:29:34 UTC
A heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=826849
http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830

This issue has been assigned CVE-2012-2806.

Upstream release of libjpeg-turbo-1.2.1 resolves this issue.

Reproducible: Always
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2012-07-17 12:06:26 UTC
Test and stabilize:

=media-libs/libjpeg-turbo-1.2.1 alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
Comment 2 SpanKY gentoo-dev 2012-07-17 14:09:15 UTC
btw, this is the same fix that Samuli added to libjpeg-turbo-1.2.0-r2
Comment 3 Johannes Huber (RETIRED) gentoo-dev 2012-07-17 14:49:23 UTC
x86 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-07-17 15:53:41 UTC
Stable for HPPA.
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2012-07-19 18:20:21 UTC
amd64 done
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2012-07-22 14:39:25 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2012-07-31 04:13:33 UTC
ppc/ppc64 done

all arches done
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2012-07-31 11:05:47 UTC
Thanks, everyone.

GLSA draft ready for review.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-08-14 11:20:14 UTC
CVE-2012-2806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2806):
  Heap-based buffer overflow in the get_sos function in jdmarker.c in
  libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service
  (application crash) and possibly execute arbitrary code via a large
  component count in the header of a JPEG image.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-09-26 11:32:47 UTC
This issue was resolved and addressed in
 GLSA 201209-13 at http://security.gentoo.org/glsa/glsa-201209-13.xml
by GLSA coordinator Sean Amoss (ackle).
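
The CVE text above attributes the overflow to a large component count in a JPEG header. As an added illustration (not libjpeg-turbo's code and not the upstream fix), the following pre-parse check walks the marker segments up to the first scan and rejects out-of-range component counts in the frame (SOFn) and scan (SOS) headers. The names `check_component_counts`, `MAX_SCAN_COMPS` and the sample arrays are assumptions of this example, and rejecting frames with more than four components is this example's policy, stricter than the JPEG format requires.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_SCAN_COMPS 4u /* JPEG allows at most 4 components per scan */
enum verdict { JPEG_OK, JPEG_BAD_FRAME_COUNT, JPEG_BAD_SCAN_COUNT, JPEG_MALFORMED };
/* Walk the marker segments up to the first SOS and validate both counts. */
enum verdict check_component_counts(const unsigned char *p, size_t len)
{
    size_t i = 2;
    unsigned nf = 0; /* component count from the frame header (SOFn) */
    if (len < 4 || p[0] != 0xFF || p[1] != 0xD8) return JPEG_MALFORMED; /* no SOI */
    while (i + 4 <= len) {
        unsigned m = p[i + 1], seglen;
        if (p[i] != 0xFF) return JPEG_MALFORMED;
        if (m == 0xFF) { i++; continue; }                     /* fill byte */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD8)) { i += 2; continue; } /* no length */
        if (m == 0xD9) break;                                 /* EOI before any scan */
        seglen = ((unsigned)p[i + 2] << 8) | p[i + 3];
        if (seglen < 2 || seglen > len - (i + 2)) return JPEG_MALFORMED;
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            if (seglen < 8) return JPEG_MALFORMED;
            nf = p[i + 9];                                    /* Nf */
            /* Policy of this example: more than 4 frame components is suspect. */
            if (nf < 1 || nf > MAX_SCAN_COMPS) return JPEG_BAD_FRAME_COUNT;
        } else if (m == 0xDA) {
            unsigned ns;
            if (seglen < 3) return JPEG_MALFORMED;
            ns = p[i + 4];                                    /* Ns */
            if (ns < 1 || ns > MAX_SCAN_COMPS || ns > nf || seglen != 6 + 2 * ns)
                return JPEG_BAD_SCAN_COUNT;
            return JPEG_OK;
        }
        i += 2 + seglen;
    }
    return JPEG_MALFORMED; /* ran out of data without reaching a scan */
}

/* Constructed samples: minimal grayscale header, then the same with Nf = 0xFF. */
static const unsigned char sample_ok[] = { 0xFF,0xD8, 0xFF,0xC0,0x00,0x0B,0x08,0x00,0x01,
    0x00,0x01,0x01,0x01,0x11,0x00, 0xFF,0xDA,0x00,0x08,0x01,0x01,0x00,0x00,0x3F,0x00 };
static const unsigned char sample_bad[] = { 0xFF,0xD8, 0xFF,0xC0,0x00,0x0B,0x08,0x00,0x01,
    0x00,0x01,0xFF,0x01,0x11,0x00, 0xFF,0xDA,0x00,0x08,0x01,0x01,0x00,0x00,0x3F,0x00 };

int main(void)
{
    printf("ok=%d bad=%d\n", (int)check_component_counts(sample_ok, sizeof sample_ok),
           (int)check_component_counts(sample_bad, sizeof sample_bad));
    return 0;
}
```

A check like this belongs in front of a decoder as defence in depth on untrusted uploads; it does not replace upgrading to the fixed libjpeg-turbo release named in this bug.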