Security update for libjpeg-turbo
This update for libjpeg-turbo fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function
which could allow to an attacker to cause denial of service (bsc#1128712).
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c,
which allowed remote attackers to cause a denial-of-service via crafted JPG
files due to a large loop (bsc#1096209)
- CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused
by a divide by zero when processing a crafted BMP image (bsc#1098155)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1128712
VUL-1: CVE-2018-14498: jpeg, libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c
bnc#1096209
VUL-1: CVE-2018-11813: libjpeg-turbo,jpeg,libjpeg62-turbo: libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
bnc#1098155
VUL-1: CVE-2018-1152: libjpeg-turbo: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability causedby a divide by zero when processing a crafted BMP image
