Control: tags -1 + moreinfo

On Sat, 12 Aug 2017 at 18:51:42 +0200, Salvatore Bonaccorso wrote:
> On Thu, Jul 27, 2017 at 07:03:18PM +0200, Salvatore Bonaccorso wrote:
> > the following vulnerability was published for libjpeg-turbo.
> >
> > CVE-2017-9614[0]:
> > | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1
> > | allows remote attackers to cause a denial of service (invalid memory
> > | access and application crash) or possibly have unspecified other impact
> > | via a crafted jpg file.
>
> This has been forwarded upstream to
> https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167

According to upstream, this is a bug in the "stills2dv" program that was mentioned in the disclosure, and not a bug in libjpeg-turbo itself. stills2dv does not appear to be in Debian.

smcv