CVE-2016-3616

Опубликовано: 13 фев. 2017

Источник: debian

Описание

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libjpeg-turbo	fixed	1:1.4.2-1		package
libjpeg6b	unfixed			package
libjpeg8	unfixed			package
libjpeg8	no-dsa		wheezy	package
libjpeg9	fixed	1:9b-2		package

Примечания

libjpeg-turbo: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
unimportant, since cjpeg not installed in binary package in any suite having src:libjpeg6b
cjpeg in src:libjpeg8 vulnerable, but not installed in binary package since 8d1-2
https://bugzilla.redhat.com/show_bug.cgi?id=1319661
https://bugzilla.redhat.com/show_bug.cgi?id=1318509

Связанные уязвимости

CVE-2016-3616

CVSS3: 8.8

ubuntu

почти 9 лет назад

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

CVE-2016-3616

redhat

почти 10 лет назад

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

CVE-2016-3616

CVSS3: 8.8

nvd

почти 9 лет назад

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

GHSA-pj5x-cj5m-45mx

CVSS3: 8.8

github

больше 3 лет назад

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

ELSA-2019-2052

oracle-oval

больше 6 лет назад

ELSA-2019-2052: libjpeg-turbo security update (MODERATE)