Bug 727910 - <media-libs/libjpeg-turbo-2.0.4: Multiple vulnerabilities
Summary: <media-libs/libjpeg-turbo-2.0.4: Multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 699830
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa]
Keywords:
Depends on: 714874 CVE-2020-13790
Blocks:
Reported: 2020-06-11 04:45 UTC by Sam James
Modified: 2020-10-18 00:26 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 04:45:34 UTC
"Fixed a signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.

Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() (sometimes manifesting as a double free) that occurred when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with cjpeg -grayscale -sample 2x2)."
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-06-11 12:50:54 UTC
Alright, found the source tarball, but build issues still remain.
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-06-12 03:10:09 UTC
Oops, wrong bug. Sorry :-(
Comment 3 Larry the Git Cow gentoo-dev 2020-10-04 17:39:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3090e82542e7c97c9555f9968bc02664d99774a0

commit 3090e82542e7c97c9555f9968bc02664d99774a0
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-10-04 17:38:42 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-04 17:39:15 +0000

    media-libs/libjpeg-turbo: security cleanup
    
    Bug: https://bugs.gentoo.org/727010
    Bug: https://bugs.gentoo.org/727910
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libjpeg-turbo/Manifest                  |   1 -
 .../libjpeg-turbo/libjpeg-turbo-2.0.3.ebuild       | 100 ---------------------
 2 files changed, 101 deletions(-)
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-18 00:26:43 UTC

*** This bug has been marked as a duplicate of bug 699830 ***