
Bug 727910

Summary: <media-libs/libjpeg-turbo-2.0.4: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: maintainer-needed
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 714874, 727010
Bug Blocks:

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 04:45:34 UTC
"Fixed a signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.

Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() (sometimes manifesting as a double free) that occurred when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with cjpeg -grayscale -sample 2x2)."
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-06-11 12:50:54 UTC
Alright, found the source tarball, but build issues still remain.
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-06-12 03:10:09 UTC
Oops, wrong bug. Sorry :-(
Comment 3 Larry the Git Cow gentoo-dev 2020-10-04 17:39:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3090e82542e7c97c9555f9968bc02664d99774a0

commit 3090e82542e7c97c9555f9968bc02664d99774a0
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-10-04 17:38:42 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-04 17:39:15 +0000

    media-libs/libjpeg-turbo: security cleanup
    
    Bug: https://bugs.gentoo.org/727010
    Bug: https://bugs.gentoo.org/727910
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libjpeg-turbo/Manifest                  |   1 -
 .../libjpeg-turbo/libjpeg-turbo-2.0.3.ebuild       | 100 ---------------------
 2 files changed, 101 deletions(-)
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-18 00:26:43 UTC

*** This bug has been marked as a duplicate of bug 699830 ***