package/jpeg-turbo: add upstream security fixes (f60925be) · Commits · Arm Reference Solutions / buildroot

Commit f60925be authored Feb 12, 2019 by Baruch Siach Committed by Peter Korsgaard Feb 12, 2019

package/jpeg-turbo: add upstream security fixes



CVE-2018-20330: Integer overflow causing segfault occurred when
attempting to load a BMP file with more than 1 billion pixels using the
`tjLoadImage()` function.

CVE-2018-19664: Buffer overrun occurred when attempting to decompress a
specially-crafted malformed JPEG image to a 256-color BMP using djpeg.

Cc: Murat Demirten <mdemirten@yh.com.tr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 7fe3741b

Hide whitespace changes

Inline Side-by-side

Please register or to comment