Updated libjpeg packages fix security vulnerability
Publication date: 05 Apr 2019Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14498
Description
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through
3.3.1 allows attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted 8-bit BMP in which one or
more of the color indices is out of range for the number of palette
entries. (CVE-2018-14498)
References
- https://bugs.mageia.org/show_bug.cgi?id=24565
- http://lists.suse.com/pipermail/sle-security-updates/2019-March/005227.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498
SRPMS
6/core
- libjpeg-1.5.1-1.3.mga6