Suggest increasing the importance of this bug, considering it has a CVE assignment? I realize that it's a DoS, which is low on the "vulnerability" totem pole; but especially with buffer overruns I tend to suspect that "DoS" is code for "might allow code execution but no one's bothered to prove it". Anyway, the fix is trivial, and provided in the attached debdiff.
Cheers! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libjpeg-turbo in Ubuntu. https://bugs.launchpad.net/bugs/1385903 Title: imagemagick crashes with "stack smashing detected" Status in libjpeg-turbo package in Ubuntu: Confirmed Status in libjpeg-turbo source package in Precise: Confirmed Status in libjpeg-turbo source package in Trusty: Confirmed Status in libjpeg-turbo source package in Utopic: Won't Fix Status in libjpeg-turbo source package in Vivid: Confirmed Bug description: Every now and then imagemagick convert crashes like this: $ convert -rotate 270 003632r270.jpg koe.jpg *** stack smashing detected ***: convert terminated Aborted (core dumped) This is perfectly reproducible and happens in every Ubuntu 14.04 box I have at hand that has ImageMagick in it, but not in 12.04. I'll attach the file used in above example (I have several more in case someone wants them). --- ApportVersion: 2.14.1-0ubuntu3.5 Architecture: i386 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: tt 2149 F.... pulseaudio CurrentDesktop: LXDE CurrentDmesg: Error: command ['sh', '-c', 'dmesg | comm -13 --nocheck-order /var/log/dmesg -'] failed with exit code 1: comm: /var/log/dmesg: Permission denied dmesg: write failed: Broken pipe DistroRelease: Ubuntu 14.04 IwConfig: br0 no wireless extensions. lo no wireless extensions. eth0 no wireless extensions. Package: linux (not installed) ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-37-generic root=/dev/mapper/hostname-root ro acpi_enforce_resources=lax ProcVersionSignature: Ubuntu 3.13.0-37.64-generic 3.13.11.7 RfKill: Tags: trusty Uname: Linux 3.13.0-37-generic i686 UpgradeStatus: Upgraded to trusty on 2014-07-15 (103 days ago) UserGroups: sudo WifiSyslog: _MarkForUpload: True dmi.bios.date: 08/09/2007 dmi.bios.vendor: Phoenix Technologies, LTD dmi.bios.version: 6.00 PG dmi.board.name: 945GM dmi.chassis.type: 3 dmi.modalias: dmi:bvnPhoenixTechnologies,LTD:bvr6.00PG:bd08/09/2007:svn:pn:pvr:rvn:rn945GM:rvr:cvn:ct3:cvr: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
