Advisories ยป MGASA-2014-0174

Updated jbigkit packages fix CVE-2013-6369

Publication date: 15 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6369

Description

Updated jbigkit packages fix security vulnerability:

Florian Weimer found a stack-based buffer overflow flaw in the libjbig library
(part of jbigkit).  A specially-crafted image file read by libjbig could be
used to cause a program linked to libjbig to crash or, potentially, to execute
arbitrary code (CVE-2013-6369).

The jbigkit package has been updated to version 2.1, which fixes this issue,
as well as a few other bugs, including the ability of corrupted input data to
force the jbig85 decoder into an end-less loop.
                

References

SRPMS

3/core

4/core