Bug 636084 (CVE-2017-15232) - <media-libs/libjpeg-turbo-1.5.3-r2: Denial of Service vulnerability (CVE-2017-15232)
Status: IN_PROGRESS
Alias: CVE-2017-15232
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-31 17:27 UTC by GLSAMaker/CVETool Bot
Modified: 2019-09-06 23:22 UTC
CC List: 4 users

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-31 17:27:46 UTC
CVE-2017-15232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15232):
  libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and
  jquant1.c via a crafted JPEG file.
Comment 1 Mart Raudsepp gentoo-dev 2018-03-03 12:24:18 UTC
ping... does 1.5.3 have a fix?
Comment 2 tt_1 2018-03-03 19:58:03 UTC
Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it into 1.5.3
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-09-06 23:22:12 UTC
(In reply to tt_1 from comment #2)
> Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it
> into 1.5.3

Indeed it did.  Thank you!