Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 727910 - <media-libs/libjpeg-turbo-2.0.4: Multiple vulnerabilities
Summary: <media-libs/libjpeg-turbo-2.0.4: Multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 699830
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on: 714874 CVE-2020-13790
  Show dependency tree
Reported: 2020-06-11 04:45 UTC by Sam James
Modified: 2020-10-18 00:26 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 04:45:34 UTC
"Fixed a signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.

Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() (sometimes manifesting as a double free) that occurred when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with cjpeg -grayscale -sample 2x2)."
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-06-11 12:50:54 UTC
Alright, found the source tarball, but build issues still remain.
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2020-06-12 03:10:09 UTC
Opps, wrong bug. Sorry :-(
Comment 3 Larry the Git Cow gentoo-dev 2020-10-04 17:39:20 UTC
The bug has been referenced in the following commit(s):

commit 3090e82542e7c97c9555f9968bc02664d99774a0
Author:     Sam James <>
AuthorDate: 2020-10-04 17:38:42 +0000
Commit:     Sam James <>
CommitDate: 2020-10-04 17:39:15 +0000

    media-libs/libjpeg-turbo: security cleanup
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Sam James <>

 media-libs/libjpeg-turbo/Manifest                  |   1 -
 .../libjpeg-turbo/libjpeg-turbo-2.0.3.ebuild       | 100 ---------------------
 2 files changed, 101 deletions(-)
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-18 00:26:43 UTC

*** This bug has been marked as a duplicate of bug 699830 ***