Updated libjpeg packages fix security vulnerabilitiesPublication date: 10 Aug 2018
Affected Mageia releases : 6
CVE: CVE-2018-1152 , CVE-2018-11813
Updated libjpeg package fixes security vulnerabilities: It was found that libjpeg is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image (CVE-2018-1152). It was found that libjpeg had a defect where, due to a mishandled EOF, a specially crafted malformed input file (specifically a file with a valid Targa header but incomplete pixel data) would cause cjpeg to generate a file that was potentially thousands of times larger than the input file (CVE-2018-11813).