Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-35538: Fix jpeg_skip_scanlines() segfault w/merged upsamp · libjpeg-turbo/libjpeg-turbo@9120a24

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

CVE

Permalink

Browse files

Fix jpeg_skip_scanlines() segfault w/merged upsamp

The additional segfault mentioned in #244 was due to the fact that the merged upsamplers use a different private structure than the non-merged upsamplers. jpeg_skip_scanlines() was assuming the latter, so when merged upsampling was enabled, jpeg_skip_scanlines() clobbered one of the IDCT method pointers in the merged upsampler’s private structure.

For reasons unknown, the test image in #441 did not encounter this segfault (too small?), but it encountered an issue similar to the one fixed in 5bc43c7, whereby it was necessary to set up a dummy postprocessing function in read_and_discard_scanlines() when merged upsampling was enabled. Failing to do so caused either a segfault in merged_2v_upsample() (due to a NULL pointer being passed to jcopy_sample_rows()) or an error (“Corrupt JPEG data: premature end of data segment”), depending on the number of scanlines skipped and whether the first scanline skipped was an odd- or even-numbered row.

Fixes #441 Fixes #244 (for real this time)

  • Loading branch information

Related news

CVE-2023-25947: en/security-disclosure/2023/2023-03.md · OpenHarmony/security - Gitee.com

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.

Ubuntu Security Notice USN-5631-1

Ubuntu Security Notice 5631-1 - It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resource, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain malformed jpeg files. An attacker could possibly use this issue to cause libjpeg-turbo to crash, resulting in a denial of service.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907