Advisories ยป MGASA-2018-0327

Updated libjpeg packages fix security vulnerabilities

Publication date: 10 Aug 2018
Modification date: 10 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1152 , CVE-2018-11813


Updated libjpeg package fixes security vulnerabilities:

It was found that libjpeg is vulnerable to a denial of service
vulnerability caused by a divide by zero when processing a crafted
BMP image (CVE-2018-1152).

It was found that libjpeg had a defect where, due to a mishandled EOF,
a specially crafted malformed input file (specifically a file with a
valid Targa header but incomplete pixel data) would cause cjpeg to 
generate a file that was potentially thousands of times larger than the
input file (CVE-2018-11813).