[libjpeg-turbo/f21] CVE-2014-9092 libjpeg-turbo: denial of service via speciallu crafted JPEG file (#1169845)

Petr Hracek phracek at fedoraproject.org
Wed Feb 25 07:51:15 UTC 2015 

commit f4245e374e396ec7a5e8367951c76982e4628c5e
Author: Petr Hracek <phracek at redhat.com>
Date:   Tue Feb 24 16:40:38 2015 +0100

    CVE-2014-9092 libjpeg-turbo: denial of service via speciallu crafted JPEG file (#1169845)
    
    Signed-off-by: Petr Hracek <phracek at redhat.com>

 libjpeg-turbo-CVE-2014-9092.patch | 22 ++++++++++++++++++++++
 libjpeg-turbo.spec                |  7 ++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
---
diff --git a/libjpeg-turbo-CVE-2014-9092.patch b/libjpeg-turbo-CVE-2014-9092.patch
new file mode 100644
index 0000000..f4e277a
--- /dev/null
+++ b/libjpeg-turbo-CVE-2014-9092.patch
@@ -0,0 +1,22 @@
+diff --git a/jchuff.c b/jchuff.c
+index 29bf389..a169380 100644
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -426,7 +426,7 @@ dump_buffer (working_state * state)
+ LOCAL(boolean)
+ flush_bits (working_state * state)
+ {
+-  JOCTET _buffer[BUFSIZE], *buffer;
++  JOCTET _buffer[BUFSIZE + 8], *buffer;
+   size_t put_buffer;  int put_bits;
+   size_t bytes, bytestocopy;  int localbuf = 0;
+ 
+@@ -455,7 +455,7 @@ encode_one_block (working_state * state, JCOEFPTR block, int last_dc_val,
+   int temp, temp2, temp3;
+   int nbits;
+   int r, code, size;
+-  JOCTET _buffer[BUFSIZE], *buffer;
++  JOCTET _buffer[BUFSIZE + 8], *buffer;
+   size_t put_buffer;  int put_bits;
+   int code_0xf0 = actbl->ehufco[0xf0], size_0xf0 = actbl->ehufsi[0xf0];
+   size_t bytes, bytestocopy;  int localbuf = 0;
diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec
index d3509ee..87df737 100644
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@@ -1,6 +1,6 @@
 Name:           libjpeg-turbo
 Version:        1.3.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A MMX/SSE2 accelerated library for manipulating JPEG image files
 License:        IJG
 URL:            http://sourceforge.net/projects/libjpeg-turbo
@@ -8,6 +8,7 @@ URL:            http://sourceforge.net/projects/libjpeg-turbo
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0:         libjpeg-turbo12-noinst.patch
 Patch1:         libjpeg-turbo-header-files.patch
+Patch2:         libjpeg-turbo-CVE-2014-9092.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -74,6 +75,7 @@ manipulate JPEG files using the TurboJPEG library.
 %setup -q
 %patch0 -p1 -b .noinst
 %patch1 -p1 -b .header-files
+%patch2 -p1 -b .CVE-2014-9092
 
 %build
 autoreconf -fiv
@@ -130,6 +132,9 @@ make test
 %{_libdir}/libturbojpeg.so
 
 %changelog
+* Tue Feb 24 2015 Petr Hracek <phracek at redhat.com> - 1.3.1-5
+- CVE-2014-9092 libjpeg-turbo: denial of service via speciallu crafted JPEG file (#1169845)
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

More information about the scm-commits mailing list