Security update for libjpeg-turbo (moderate)

2019-04-02T18:27:28
ID OPENSUSE-SU-2019:1118-1
Type suse
Reporter Suse
Modified 2019-04-02T18:27:28

Description

This update for libjpeg-turbo fixes the following issues:

The following security vulnerabilities were addressed:

  • CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712).
  • CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209)
  • CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155)

This update was imported from the SUSE:SLE-15:Update update project.