Advisories » MGASA-2022-0353

Updated libjpeg packages fix security vulnerability

Publication date: 01 Oct 2022
Modification date: 01 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-46822

Description

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of
tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer
and loading a 16-bit binary PGM file into an RGB buffer. This is related
to a heap-based buffer overflow in the get_word_rgb_row function in
rdppm.c. (CVE-2021-46822)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30886
• https://ubuntu.com/security/notices/USN-5631-1
• https://github.com/libjpeg-turbo/libjpeg-turbo/blob/2.0.8-esr/ChangeLog.md
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822

SRPMS

8/core

• libjpeg-2.0.8-1.mga8