RHSA-2023:1068: Red Hat Security Advisory: libjpeg-turbo security update

An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-46822: A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.
Red Hat Security Data

Synopsis

Moderate: libjpeg-turbo security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.

Security Fix(es):

  • libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c (CVE-2021-46822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2100044 - CVE-2021-46822 libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c
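A triage check for the fix above, as an added example that is not part of the Red Hat advisory: it reads `rpm -qa` style lines and flags RHEL 9 packages from this advisory that are older than the fixed build 2.0.90-6.el9_1. The sample inventory lines are constructed, and the version comparison is a simplified form of RPM's ordering (no epoch, `~` or `^` handling).

```python
import re

# Fixed build named in this advisory (RHEL 9 packages only).
FIXED_VERSION, FIXED_RELEASE = "2.0.90", "6.el9_1"
# Non-debug binary packages listed in the advisory.
PACKAGES = {"libjpeg-turbo", "libjpeg-turbo-devel", "libjpeg-turbo-utils",
            "turbojpeg", "turbojpeg-devel"}
# name-version-release.arch; the greedy name group leaves the last two '-' fields.
NEVRA = re.compile(r"^(.+)-([^-]+)-([^-]+)\.([^.]+)$")

# Constructed inventory lines (not taken from a real host).
SAMPLE = [
    "libjpeg-turbo-2.0.90-5.el9.x86_64",
    "libjpeg-turbo-devel-2.0.90-6.el9_1.x86_64",
    "turbojpeg-2.0.90-5.el9.aarch64",
    "libpng-1.6.37-12.el9.x86_64",        # unrelated package, ignored
    "libjpeg-turbo-1.5.3-12.el8.x86_64",  # not RHEL 9, outside this advisory
]

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare runs of digits or letters left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def triage(rpm_qa_lines):
    """Map each covered package line to 'needs-update' or 'ok'."""
    result = {}
    for line in (l.strip() for l in rpm_qa_lines):
        m = NEVRA.match(line)
        if not m or m.group(1) not in PACKAGES or ".el9" not in m.group(3):
            continue
        cmp = (rpmvercmp(m.group(2), FIXED_VERSION),
               rpmvercmp(m.group(3), FIXED_RELEASE))
        result[line] = "needs-update" if cmp < (0, 0) else "ok"
    return result

if __name__ == "__main__":
    for pkg, state in triage(SAMPLE).items():
        print(f"{state:13} {pkg}")
```

On a real host, feed it the output of `rpm -qa`; debuginfo and debugsource packages are left out because they carry no code that runs.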

Red Hat Enterprise Linux for x86_64 9

SRPM

libjpeg-turbo-2.0.90-6.el9_1.src.rpm

x86_64

libjpeg-turbo-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-2.0.90-6.el9_1.x86_64.rpm

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.x86_64.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.x86_64.rpm

libjpeg-turbo-devel-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-devel-2.0.90-6.el9_1.x86_64.rpm

libjpeg-turbo-utils-2.0.90-6.el9_1.x86_64.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.x86_64.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.i686.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

libjpeg-turbo-2.0.90-6.el9_1.src.rpm

s390x

libjpeg-turbo-2.0.90-6.el9_1.s390x.rpm

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.s390x.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.s390x.rpm

libjpeg-turbo-devel-2.0.90-6.el9_1.s390x.rpm

libjpeg-turbo-utils-2.0.90-6.el9_1.s390x.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.s390x.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

libjpeg-turbo-2.0.90-6.el9_1.src.rpm

ppc64le

libjpeg-turbo-2.0.90-6.el9_1.ppc64le.rpm

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.ppc64le.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.ppc64le.rpm

libjpeg-turbo-devel-2.0.90-6.el9_1.ppc64le.rpm

libjpeg-turbo-utils-2.0.90-6.el9_1.ppc64le.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.ppc64le.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

libjpeg-turbo-2.0.90-6.el9_1.src.rpm

aarch64

libjpeg-turbo-2.0.90-6.el9_1.aarch64.rpm

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.aarch64.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.aarch64.rpm

libjpeg-turbo-devel-2.0.90-6.el9_1.aarch64.rpm

libjpeg-turbo-utils-2.0.90-6.el9_1.aarch64.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.aarch64.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 9

x86_64

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.x86_64.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.x86_64.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.i686.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.x86_64.rpm

turbojpeg-2.0.90-6.el9_1.i686.rpm

turbojpeg-2.0.90-6.el9_1.x86_64.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.i686.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.x86_64.rpm

turbojpeg-devel-2.0.90-6.el9_1.i686.rpm

turbojpeg-devel-2.0.90-6.el9_1.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 9

ppc64le

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.ppc64le.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.ppc64le.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.ppc64le.rpm

turbojpeg-2.0.90-6.el9_1.ppc64le.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.ppc64le.rpm

turbojpeg-devel-2.0.90-6.el9_1.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 9

aarch64

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.aarch64.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.aarch64.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.aarch64.rpm

turbojpeg-2.0.90-6.el9_1.aarch64.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.aarch64.rpm

turbojpeg-devel-2.0.90-6.el9_1.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 9

s390x

libjpeg-turbo-debuginfo-2.0.90-6.el9_1.s390x.rpm

libjpeg-turbo-debugsource-2.0.90-6.el9_1.s390x.rpm

libjpeg-turbo-utils-debuginfo-2.0.90-6.el9_1.s390x.rpm

turbojpeg-2.0.90-6.el9_1.s390x.rpm

turbojpeg-debuginfo-2.0.90-6.el9_1.s390x.rpm

turbojpeg-devel-2.0.90-6.el9_1.s390x.rpm

Related news

Red Hat Security Advisory 2023-1068-01

Red Hat Security Advisory 2023-1068-01 - The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Issues addressed include a buffer overflow vulnerability.

Ubuntu Security Notice USN-5631-1

Ubuntu Security Notice 5631-1 - It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG files. An attacker could possibly use this issue to cause libjpeg-turbo to crash, resulting in a denial of service.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2021-46822: libjpeg-turbo rdppm.c denial of service Vulnerability Report

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.