[libjpeg-turbo/f21] CVE-2014-9092 libjpeg-turbo: denial of service via speciallu crafted JPEG file (#1169845)
Petr Hracek
phracek at fedoraproject.org
Wed Feb 25 07:51:15 UTC 2015
commit f4245e374e396ec7a5e8367951c76982e4628c5e
Author: Petr Hracek <phracek at redhat.com>
Date: Tue Feb 24 16:40:38 2015 +0100
CVE-2014-9092 libjpeg-turbo: denial of service via speciallu crafted JPEG file (#1169845)
Signed-off-by: Petr Hracek <phracek at redhat.com>
libjpeg-turbo-CVE-2014-9092.patch | 22 ++++++++++++++++++++++
libjpeg-turbo.spec | 7 ++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
---
diff --git a/libjpeg-turbo-CVE-2014-9092.patch b/libjpeg-turbo-CVE-2014-9092.patch
new file mode 100644
index 0000000..f4e277a
--- /dev/null
+++ b/libjpeg-turbo-CVE-2014-9092.patch
@@ -0,0 +1,22 @@
+diff --git a/jchuff.c b/jchuff.c
+index 29bf389..a169380 100644
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -426,7 +426,7 @@ dump_buffer (working_state * state)
+ LOCAL(boolean)
+ flush_bits (working_state * state)
+ {
+- JOCTET _buffer[BUFSIZE], *buffer;
++ JOCTET _buffer[BUFSIZE + 8], *buffer;
+ size_t put_buffer; int put_bits;
+ size_t bytes, bytestocopy; int localbuf = 0;
+
+@@ -455,7 +455,7 @@ encode_one_block (working_state * state, JCOEFPTR block, int last_dc_val,
+ int temp, temp2, temp3;
+ int nbits;
+ int r, code, size;
+- JOCTET _buffer[BUFSIZE], *buffer;
++ JOCTET _buffer[BUFSIZE + 8], *buffer;
+ size_t put_buffer; int put_bits;
+ int code_0xf0 = actbl->ehufco[0xf0], size_0xf0 = actbl->ehufsi[0xf0];
+ size_t bytes, bytestocopy; int localbuf = 0;
diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec
index d3509ee..87df737 100644
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@@ -1,6 +1,6 @@
Name: libjpeg-turbo
Version: 1.3.1
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: A MMX/SSE2 accelerated library for manipulating JPEG image files
License: IJG
URL: http://sourceforge.net/projects/libjpeg-turbo
@@ -8,6 +8,7 @@ URL: http://sourceforge.net/projects/libjpeg-turbo
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: libjpeg-turbo12-noinst.patch
Patch1: libjpeg-turbo-header-files.patch
+Patch2: libjpeg-turbo-CVE-2014-9092.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -74,6 +75,7 @@ manipulate JPEG files using the TurboJPEG library.
%setup -q
%patch0 -p1 -b .noinst
%patch1 -p1 -b .header-files
+%patch2 -p1 -b .CVE-2014-9092
%build
autoreconf -fiv
@@ -130,6 +132,9 @@ make test
%{_libdir}/libturbojpeg.so
%changelog
+* Tue Feb 24 2015 Petr Hracek <phracek at redhat.com> - 1.3.1-5
+- CVE-2014-9092 libjpeg-turbo: denial of service via speciallu crafted JPEG file (#1169845)
+
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
More information about the scm-commits
mailing list