https://bugzilla.redhat.com/show_bug.cgi?id=1031749
--- Comment #11 from Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> ---
(In reply to Vincent Danen from comment #0)
> Interestingly, the report at [2] indicates that libjpeg does not appear to
> be affected and indicates that a "simple fix for this is to locate get_dht
> in jdmarker.c and make sure that the huffval[] table is zeroed before use"
> however looking at a diff (see below) of jdmarker.c in libjpeg vs
> libjpeg-turbo doesn't seem to back that up (as a result this needs to be
> checked a little more closely as this zeroing of the huffval[] table does
> look applicable to libjpeg as well).
>
This issue does not affect libjpeg because there is already a check in
jpeg_huff_decode():
>From jdhuff.c:
425 /* With garbage input we may reach the sentinel value l = 17. */
426
427 if (l > 16) {
428 WARNMS(state->cinfo, JWRN_HUFF_BAD_CODE);
429 return 0; /* fake a zero as the safest result */
430 }
431
432 return htbl->pub->huffval[ (int) (code + htbl->valoffset[l]) ];
433 }
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=QW9Sgm7qny&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1031749
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2013 |impact=moderate,public=2013
|1112,reported=20131114,sour |1112,reported=20131114,sour
|ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/
|AC:M/Au:N/C:P/I:N/A:N,rhel- |AC:M/Au:N/C:P/I:N/A:N,rhel-
|5/libjpeg=affected,rhel-6/l |5/libjpeg=notaffected,rhel-
|ibjpeg-turbo=affected,rhev- |6/libjpeg-turbo=affected,rh
|h/libjpeg=affected,fedora-a |ev-h/libjpeg=affected,fedor
|ll/libjpeg-turbo=notaffecte |a-all/libjpeg-turbo=notaffe
|d,rhel-7/libjpeg-turbo=nota |cted,rhel-7/libjpeg-turbo=n
|ffected,fedora-all/mingw-li |otaffected,fedora-all/mingw
|bjpeg-turbo=notaffected,epe |-libjpeg-turbo=notaffected,
|l-5/mingw32-libjpeg=affecte |epel-5/mingw32-libjpeg=affe
|d |cted
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=B0BY2S4DcX&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1031749
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2013 |impact=moderate,public=2013
|1112,reported=20131114,sour |1112,reported=20131114,sour
|ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/
|AC:M/Au:N/C:P/I:N/A:N,rhel- |AC:M/Au:N/C:P/I:N/A:N,rhel-
|5/libjpeg=affected,rhel-6/l |5/libjpeg=affected,rhel-6/l
|ibjpeg=affected,rhev-h/libj |ibjpeg-turbo=affected,rhev-
|peg=affected,fedora-all/lib |h/libjpeg=affected,fedora-a
|jpeg-turbo=notaffected,rhel |ll/libjpeg-turbo=notaffecte
|-7/libjpeg-turbo=notaffecte |d,rhel-7/libjpeg-turbo=nota
|d,fedora-all/mingw-libjpeg- |ffected,fedora-all/mingw-li
|turbo=notaffected,epel-5/mi |bjpeg-turbo=notaffected,epe
|ngw32-libjpeg=affected |l-5/mingw32-libjpeg=affecte
| |d
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=7aqhL8JTGK&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1031734
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2013 |impact=moderate,public=2013
|1112,reported=20131114,sour |1112,reported=20131114,sour
|ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/
|AC:M/Au:N/C:P/I:N/A:N,rhel- |AC:M/Au:N/C:P/I:N/A:N,rhel-
|5/libjpeg=affected,rhel-6/l |5/libjpeg=affected,rhel-6/l
|ibjpeg-turbi=affected,rhev- |ibjpeg-turbo=affected,rhev-
|h/libjpeg=affected,fedora-a |h/libjpeg=affected,fedora-a
|ll/libjpeg-turbo=affected,r |ll/libjpeg-turbo=affected,r
|hel-7/libjpeg-turbo=affecte |hel-7/libjpeg-turbo=affecte
|d,fedora-all/mingw-libjpeg- |d,fedora-all/mingw-libjpeg-
|turbo=affected,epel-5/mingw |turbo=affected,epel-5/mingw
|32-libjpeg=affected |32-libjpeg=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xRnFJ3Furv&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1031734
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2013 |impact=moderate,public=2013
|1112,reported=20131114,sour |1112,reported=20131114,sour
|ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/
|AC:M/Au:N/C:P/I:N/A:N,rhel- |AC:M/Au:N/C:P/I:N/A:N,rhel-
|5/libjpeg=affected,rhel-6/l |5/libjpeg=affected,rhel-6/l
|ibjpeg=affected,rhev-h/libj |ibjpeg-turbi=affected,rhev-
|peg=affected,fedora-all/lib |h/libjpeg=affected,fedora-a
|jpeg-turbo=affected,rhel-7/ |ll/libjpeg-turbo=affected,r
|libjpeg-turbo=affected,fedo |hel-7/libjpeg-turbo=affecte
|ra-all/mingw-libjpeg-turbo= |d,fedora-all/mingw-libjpeg-
|affected,epel-5/mingw32-lib |turbo=affected,epel-5/mingw
|jpeg=affected |32-libjpeg=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Bl3Zy3LOo5&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1031749
Vincent Danen <vdanen(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2013 |impact=moderate,public=2013
|1112,reported=20131114,sour |1112,reported=20131114,sour
|ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/
|AC:M/Au:N/C:P/I:N/A:N,rhel- |AC:M/Au:N/C:P/I:N/A:N,rhel-
|5/libjpeg=affected,rhel-6/l |5/libjpeg=affected,rhel-6/l
|ibjpeg=affected,rhev-h/libj |ibjpeg=affected,rhev-h/libj
|peg=affected,fedora-all/lib |peg=affected,fedora-all/lib
|jpeg-turbo=affected,rhel-7/ |jpeg-turbo=notaffected,rhel
|libjpeg-turbo=affected,fedo |-7/libjpeg-turbo=notaffecte
|ra-all/mingw-libjpeg-turbo= |d,fedora-all/mingw-libjpeg-
|affected,epel-5/mingw32-lib |turbo=notaffected,epel-5/mi
|jpeg=affected |ngw32-libjpeg=affected
--- Comment #10 from Vincent Danen <vdanen(a)redhat.com> ---
This is actually fixed in libjpeg-turbo 1.2.90 already, so current Fedora is
not affected by this flaw (in libjpeg-turbo).
This was done via these two commits:
http://sourceforge.net/p/libjpeg-turbo/code/740/http://sourceforge.net/p/libjpeg-turbo/code/830/
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=7hKalS77EH&a=cc_unsubscribe