Bug 727010 (CVE-2020-13790) - <media-libs/libjpeg-turbo-{1.5.3-r3,2.0.4-r1}: Buffer overflow in get_rgb_row() via malformed PPM file (CVE-2020-13790)
Status: IN_PROGRESS
Alias: CVE-2020-13790
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/libjpeg-turbo/libj...
Whiteboard: A3 [stable cve]
Keywords: CC-ARCHES
Depends on:
Blocks: 727910
Reported: 2020-06-03 20:20 UTC by Sam James
Modified: 2020-06-20 13:50 UTC

See Also:
Package list:
=media-libs/libjpeg-turbo-1.5.3-r3 =media-libs/libjpeg-turbo-2.0.4-r1
Runtime testing required: ---
nattka: sanity-check+


Description Sam James gentoo-dev Security 2020-06-03 20:20:50 UTC
Description:
"libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file."

https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
Comment 1 Larry the Git Cow gentoo-dev 2020-06-13 16:30:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962edc520001b3d2059be69702a1ceccee9b

commit 8110962edc520001b3d2059be69702a1ceccee9b
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-06-11 00:37:52 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-06-13 16:30:39 +0000

    media-libs/libjpeg-turbo: Patch CVE-2020-13790
    
    Bug: https://bugs.gentoo.org/727010
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/16184

 .../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch |  43 ++++++++
 .../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch |  34 ++++++
 .../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild    | 122 +++++++++++++++++++++
 .../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild    | 108 ++++++++++++++++++
 4 files changed, 307 insertions(+)
Comment 2 Sergei Trofimovich gentoo-dev 2020-06-14 20:30:15 UTC
ppc64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-06-15 15:01:46 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-06-15 15:04:59 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-06-15 15:13:08 UTC
sparc stable
Comment 6 Sam James gentoo-dev Security 2020-06-17 14:23:30 UTC
arm64 stable
Comment 7 Rolf Eike Beer 2020-06-18 06:55:13 UTC
hppa stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2020-06-20 13:50:32 UTC
x86 stable