Advisories » MGASA-2017-0407

Updated libjpeg packages fix a security vulnerability

Publication date: 10 Nov 2017
Modification date: 10 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15232

Description

libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and
jquant1.c via a crafted JPEG file. (CVE-2017-15232)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21974
• https://lists.opensuse.org/opensuse-updates/2017-10/msg00115.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232

SRPMS

6/core

• libjpeg-1.5.1-1.1.mga6

5/core

• libjpeg-1.3.1-4.2.mga5