Advisories » MGASA-2020-0267

Updated libjpeg packages fix security vulnerability

Publication date: 19 Jun 2020
Modification date: 19 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13790

Description

Updated libjpeg packages fix security vulnerability:

libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row()
in rdppm.c via a malformed PPM input file (CVE-2020-13790).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26784
• https://usn.ubuntu.com/usn/usn-4386-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790

SRPMS

7/core

• libjpeg-2.0.4-1.1.mga7