MDVSA-2012:121 -- Mandriva libjpeg-turboID: oval:org.secpod.oval:def:302937 | Date: (C)2012-10-30 (M)2023-12-26 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and corrected in libjpeg-turbo: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application . The updated packages have been patched to correct this issue.
Platform: |
Mandriva Linux 2011.0 |