{ "schema_version": "1.6.2", "id": "MGASA-2018-0327", "published": "2018-08-10T14:37:39Z", "modified": "2018-08-10T14:13:38Z", "summary": "Updated libjpeg packages fix security vulnerabilities", "details": "Updated libjpeg package fixes security vulnerabilities:\n\nIt was found that libjpeg is vulnerable to a denial of service\nvulnerability caused by a divide by zero when processing a crafted\nBMP image (CVE-2018-1152).\n\nIt was found that libjpeg had a defect where, due to a mishandled EOF,\na specially crafted malformed input file (specifically a file with a\nvalid Targa header but incomplete pixel data) would cause cjpeg to \ngenerate a file that was potentially thousands of times larger than the\ninput file (CVE-2018-11813).\n", "related": [ "CVE-2018-1152", "CVE-2018-11813" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2018-0327.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=23238" }, { "type": "REPORT", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3CDV3ULRXQEMV7OHCB5MSITEIVOI5EPN/" }, { "type": "REPORT", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHRJSPZHPTSJWFXG5YW7OD4MM4WAPXFF/" } ], "affected": [ { "package": { "ecosystem": "Mageia:6", "name": "libjpeg", "purl": "pkg:rpm/mageia/libjpeg?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.5.1-1.2.mga6" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }