Overview

File _patchinfo of Package patchinfo.10129

<patchinfo incident="10129">
  <issue tracker="bnc" id="1128712">VUL-1: CVE-2018-14498: jpeg, libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c</issue>
  <issue tracker="bnc" id="1096209">VUL-1: CVE-2018-11813: libjpeg-turbo,jpeg,libjpeg62-turbo: libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.</issue>
  <issue tracker="bnc" id="1098155">VUL-1: CVE-2018-1152: libjpeg-turbo: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability causedby a divide by zero when processing a crafted BMP image</issue>
  <issue tracker="cve" id="2018-14498"/>
  <issue tracker="cve" id="2018-11813"/>
  <issue tracker="cve" id="2018-1152"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for libjpeg-turbo fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function
  which could allow to an attacker to cause denial of service (bsc#1128712).
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c,
  which allowed remote attackers to cause a denial-of-service via crafted JPG
  files due to a large loop (bsc#1096209)
- CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused
  by a divide by zero when processing a crafted BMP image (bsc#1098155)

This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for libjpeg-turbo</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places