REDHAT-BUG-1169845

First published: Tue Dec 02 2014(Updated: )

A flaw in libjpeg-turbo was reported [1],[2],[3] that could lead to a local denial of service when processing a specially-crafted JPEG issue. One of the reports indicate that this only affects versions of libjpeg-turbo prior to 1.3.1 due to 1.3.1 rejecting the malformed image due to duplicate SOI markers. Upstream has fixes for this issue [4],[5]. Also refer to the upstream bug [6]. [1] <a href="http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&amp;t=26482&amp;sid=81658bc2f51a8d9893279cd01e83783f">http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&amp;t=26482&amp;sid=81658bc2f51a8d9893279cd01e83783f</a> [2] <a href="http://seclists.org/oss-sec/2014/q4/557">http://seclists.org/oss-sec/2014/q4/557</a> [3] <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369</a> [4] <a href="http://sourceforge.net/p/libjpeg-turbo/code/1365/">http://sourceforge.net/p/libjpeg-turbo/code/1365/</a> [5] <a href="http://sourceforge.net/p/libjpeg-turbo/code/1367/">http://sourceforge.net/p/libjpeg-turbo/code/1367/</a> [6] <a href="http://sourceforge.net/p/libjpeg-turbo/bugs/64/">http://sourceforge.net/p/libjpeg-turbo/bugs/64/</a>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/first-publish-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2014-9092
• agent/source
• agent/last-modified-date
• agent/severity
• agent/description
• agent/event
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/libjpeg-turbo
• canonical/libjpeg-turbo