From owner-svn-ports-head@FreeBSD.ORG Wed Jul 18 20:28:48 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6CD1B106566B; Wed, 18 Jul 2012 20:28:48 +0000 (UTC) (envelope-from cs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 3D32D8FC12; Wed, 18 Jul 2012 20:28:48 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q6IKSmRu008047; Wed, 18 Jul 2012 20:28:48 GMT (envelope-from cs@svn.freebsd.org) Received: (from cs@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q6IKSlDC008045; Wed, 18 Jul 2012 20:28:47 GMT (envelope-from cs@svn.freebsd.org) Message-Id: <201207182028.q6IKSlDC008045@svn.freebsd.org> From: Carlo Strub Date: Wed, 18 Jul 2012 20:28:47 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r301124 - head/security/vuxml X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jul 2012 20:28:48 -0000 Author: cs Date: Wed Jul 18 20:28:47 2012 New Revision: 301124 URL: http://svn.freebsd.org/changeset/ports/301124 Log: Document buffer overflow in jpeg-turbo PR: ports/169963 Submitted by: Denis E Podolskiy Security: CVE-2012-2806 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 18 20:26:20 2012 (r301123) +++ head/security/vuxml/vuln.xml Wed Jul 18 20:28:47 2012 (r301124) @@ -52,6 +52,41 @@ Note: Please add new entries to the beg --> + + libjpeg-turbo -- heap-based buffer overflow + + + libjpeg-turbo + 1.2.0 + + + + +
+

The Changelog for version 1.2.1 says: Fixed a regression caused by + 1.2.0[6] in which decompressing corrupt JPEG images (specifically, + images in which the component count was erroneously set to a large + value) would cause libjpeg-turbo to segfault.

+
+
+

A Heap-based buffer overflow was found in the way libjpeg-turbo + decompressed certain corrupt JPEG images in which the component count + was erroneously set to a large value. An attacker could create a + specially-crafted JPEG image that, when opened, could cause an + application using libpng to crash or, possibly, execute arbitrary code + with the privileges of the user running the application.

+
+ +
+ + CVE-2012-2806 + + + 2012-05-31 + 2012-07-18 + +
+ Dokuwiki -- cross site scripting vulnerability