636084 – (CVE-2017-15232) <media-libs/libjpeg-turbo-1.5.3-r2: Denial of Service vulnerability (CVE-2017-15232)

Bug 636084 (CVE-2017-15232) - <media-libs/libjpeg-turbo-1.5.3-r2: Denial of Service vulnerability (CVE-2017-15232)

Summary: <media-libs/libjpeg-turbo-1.5.3-r2: Denial of Service vulnerability (CVE-2017...

Status:	RESOLVED FIXED

Alias:	CVE-2017-15232

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-10-31 17:27 UTC by GLSAMaker/CVETool Bot
Modified:	2019-10-26 21:26 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-10-31 17:27:46 UTC

CVE-2017-15232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15232):
  libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and
  jquant1.c via a crafted JPEG file.

Comment 1 Mart Raudsepp gentoo-dev

2018-03-03 12:24:18 UTC

ping... does 1.5.3 have a fix?

Comment 2 tt_1 2018-03-03 19:58:03 UTC

Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it into 1.5.3

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2019-09-06 23:22:12 UTC

(In reply to tt_1 from comment #2)
> Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it
> into 1.5.3

Indeed it did.  Thank you!

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-26 21:26:58 UTC

Repository is clean, all done!