Opened 6 years ago
Closed 6 years ago
#11672 closed enhancement (fixed)
libjpeg-turbo-2.0.2 (CVE-2018-19664 CVE-2018-20330)
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 8.4 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version. Not too late for 8.4.
Change History (8)
comment:1 by , 6 years ago
| Summary: | libjpeg-turbo-2.0.2 → libjpeg-turbo-2.0.2 (CVE-2018-19664 CVE-2018-20330) |
|---|
comment:3 by , 6 years ago
I think I might be able to get to this tonight. Does anyone have any objections to me taking it?
comment:4 by , 6 years ago
| Owner: | changed from to |
|---|
comment:5 by , 6 years ago
| Status: | new → assigned |
|---|
comment:6 by , 6 years ago
Only needs stats update.
100% tests passed, 0 tests failed out of 151
SBU=.329 2112 /usr/src/libjpeg-turbo/libjpeg-turbo-2.0.2.tar.gz SIZE (2.062 MB) 31568 kilobytes BUILD SIZE (30.828 MB) md5sum : 79f76fbfb0c6109631332762d10e16d2
comment:7 by , 6 years ago
Thank you for the heads up. Are you on your way through X? I'm halted on LLVM right now.
Note:
See TracTickets
for help on using tickets.
2.0.2 Significant changes relative to 2.0.1: Fixed a regression introduced by 2.0.1[5] that prevented a runtime search path (rpath) from being embedded in the libjpeg-turbo shared libraries and executables for macOS and iOS. This caused a fatal error of the form "dyld: Library not loaded" when attempting to use one of the executables, unless DYLD_LIBRARY_PATH was explicitly set to the location of the libjpeg-turbo shared libraries. Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that occurred when attempting to load a BMP file with more than 1 billion pixels using the tjLoadImage() function. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg. Fixed a floating point exception that occurred when attempting to decompress a specially-crafted malformed JPEG image with a specified image width or height of 0 using the C version of TJBench. The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1, or 1x3 luminance and chrominance sampling factors. This is a non-standard way of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and chrominance sampling factors), but the JPEG format and the libjpeg API both allow it. Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate incorrect PPM images when used with the -colors option. Fixed an issue whereby a static build of libjpeg-turbo (a build in which ENABLE_SHARED is 0) could not be installed using the Visual Studio IDE. Fixed a severe performance issue in the Loongson MMI SIMD extensions that occurred when compressing RGB images whose image rows were not 64-bit-aligned.Security fixes: CVE-2018-20330 CVE-2018-19664