Control: forwarded -1 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
On Thu, Jul 27, 2017 at 07:03:18PM +0200, Salvatore Bonaccorso wrote: > Source: libjpeg-turbo > Version: 1:1.3.1-12 > Severity: important > Tags: upstream security > > Hi, > > the following vulnerability was published for libjpeg-turbo. > > CVE-2017-9614[0]: > | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 > | allows remote attackers to cause a denial of service (invalid memory > | access and application crash) or possibly have unspecified other impact > | via a crafted jpg file. This has been forwarded upstream to https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167 Regards, Salvatore