MDVSA-2013:274 -- Mandriva libjpegID: oval:org.secpod.oval:def:1300251 | Date: (C)2013-12-10 (M)2023-12-26 |
Class: PATCH | Family: unix |
Updated libjpeg packages fix security vulnerabilities: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application . libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data . libjpeg-turbo will use uninitialized memory when handling Huffman tables .
Platform: |
Mandriva Enterprise Server 5.2 |