Update libjpeg-turbo to libjpeg-turbo-2.0.1-0ubuntu2.2 to fix CVE-2018-20330 CVE-2018-19664 CVE-2019-2201 CVE-2018-14498 CVE-2018-1152 CVE-2017-15232 high remote
Tracked by Jolla
(In release)
asked 2020-03-24 10:22:32 +0200
https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.1-0ubuntu2.2
SECURITY UPDATE: NULL pointer dereference via JPEG image
- debian/patches/CVE-2017-15232-1.patch: exit gracefully with non-PPM formats in djpeg.1, djpeg.c.
- debian/patches/CVE-2017-15232-2.patch: add further partial image decompression fixes in cdjpeg.h, djpeg.1, djpeg.c, jdapistd.c, wrbmp.c, wrgif.c, wrppm.c, wrppm.h, wrrle.c, wrtarga.c.
- CVE-2017-15232
- SECURITY UPDATE: division by zero via BMP image
- debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
- CVE-2018-1152
SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14498.patch: Fix OOB read caused by malformed 8-bit BMP in cderror.h, rdbmp.c, rdppm.c.
- CVE-2018-14498
- SECURITY UPDATE: Several integer overflow and subsequent segfaults
- debian/patches/CVE-2019-2201.patch: properly handled gigapixel images in java/TJBench.java, tjbench.c, turbojpeg.c.
CVE-2019-2201
SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2018-19664.patch: avoid quantization w/ non-RGB CS in wrbmp.c.
- CVE-2018-19664
- SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2018-20330.patch: fix int overflow and segfault w/ big BMP in turbojpeg.c
- CVE-2018-20330