An out-of-bounds read in libjpeg-turbo might allow remote attackers to execute arbitrary code.
|Package||media-libs/libjpeg-turbo on all architectures|
|Affected versions||< 1.5.0|
|Unaffected versions||>= 1.5.0|
libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression.
The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to construct a JPEG image with Huffman blocks > 430 bytes in length. This release simply increases the minimum buffer size for the accelerated Huffman decoder to 512 bytes, which should accommodate any possible input.
A remote attacker could coerce the victim to run a specially crafted image file resulting in the execution of arbitrary code.
There is no known workaround at this time.
All libjpeg-turbo users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-1.5.0"
December 31, 2016
December 31, 2016: 1