Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 636084 (CVE-2017-15232)

Summary: <media-libs/libjpeg-turbo-1.5.3-r2: Denial of Service vulnerability (CVE-2017-15232)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: anarchy, graphics+disabled, josef64, leio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-31 17:27:46 UTC
CVE-2017-15232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15232):
  libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and
  jquant1.c via a crafted JPEG file.
Comment 1 Mart Raudsepp gentoo-dev 2018-03-03 12:24:18 UTC
ping... does 1.5.3 have a fix?
Comment 2 tt_1 2018-03-03 19:58:03 UTC
Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it into 1.5.3
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2019-09-06 23:22:12 UTC
(In reply to tt_1 from comment #2)
> Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it
> into 1.5.3

Indeed it did.  Thank you!
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-26 21:26:58 UTC
Repository is clean, all done!