openSUSE-SU-2019:1118-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1118-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1118-1
- Upstream
- Related
- Published
- 2019-04-02T11:05:26Z
- Modified
- 2025-05-07T18:09:59.295234Z
- Summary
- Security update for libjpeg-turbo
- Details
-
This update for libjpeg-turbo fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-14498: Fixed a heap-based buffer over read in get8bitrow function which could allow to an attacker to cause denial of service (bsc#1128712).
- CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209)
- CVE-2018-1152: Fixed a denial of service in startinputbmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155)
This update was imported from the SUSE:SLE-15:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7PGXD27E76CECHHIGW57SLEC6FXMAF5N/#7PGXD27E76CECHHIGW57SLEC6FXMAF5N
- https://bugzilla.suse.com/1096209
- https://bugzilla.suse.com/1098155
- https://bugzilla.suse.com/1128712
- https://www.suse.com/security/cve/CVE-2018-1152
- https://www.suse.com/security/cve/CVE-2018-11813
- https://www.suse.com/security/cve/CVE-2018-14498
Affected packages
openSUSE:Leap 15.0 / libjpeg-turbo
Package
- Name
- libjpeg-turbo
- Purl
- pkg:rpm/opensuse/libjpeg-turbo&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.3-lp150.4.3.2
Ecosystem specific
{
"binaries": [
{
"libjpeg8": "8.1.2-lp150.4.3.2",
"libjpeg62-32bit": "62.2.0-lp150.4.3.2",
"libturbojpeg0": "8.1.2-lp150.4.3.2",
"libjpeg62-turbo": "1.5.3-lp150.4.3.2",
"libjpeg62": "62.2.0-lp150.4.3.2",
"libjpeg62-devel": "62.2.0-lp150.4.3.2",
"libjpeg8-devel": "8.1.2-lp150.4.3.2",
"libturbojpeg0-32bit": "8.1.2-lp150.4.3.2",
"libjpeg-turbo": "1.5.3-lp150.4.3.2",
"libjpeg62-devel-32bit": "62.2.0-lp150.4.3.2",
"libjpeg8-devel-32bit": "8.1.2-lp150.4.3.2",
"libjpeg8-32bit": "8.1.2-lp150.4.3.2"
}
]
}
openSUSE:Leap 15.0 / libjpeg62-turbo
Package
- Name
- libjpeg62-turbo
- Purl
- pkg:rpm/opensuse/libjpeg62-turbo&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.3-lp150.4.3.2
Ecosystem specific
{
"binaries": [
{
"libjpeg8": "8.1.2-lp150.4.3.2",
"libjpeg62-32bit": "62.2.0-lp150.4.3.2",
"libturbojpeg0": "8.1.2-lp150.4.3.2",
"libjpeg62-turbo": "1.5.3-lp150.4.3.2",
"libjpeg62": "62.2.0-lp150.4.3.2",
"libjpeg62-devel": "62.2.0-lp150.4.3.2",
"libjpeg8-devel": "8.1.2-lp150.4.3.2",
"libturbojpeg0-32bit": "8.1.2-lp150.4.3.2",
"libjpeg-turbo": "1.5.3-lp150.4.3.2",
"libjpeg62-devel-32bit": "62.2.0-lp150.4.3.2",
"libjpeg8-devel-32bit": "8.1.2-lp150.4.3.2",
"libjpeg8-32bit": "8.1.2-lp150.4.3.2"
}
]
}