Bug 1734637 (CVE-2019-13960)
Summary: | CVE-2019-13960 libjpeg-turbo: denial of service due to incorrect width and height value of JPEG image | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | erik-fedora, klember, negativo17, nforro, phracek, rh-spice-bugs, rjones, vonsch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Last Closed: | 2019-08-22 05:37:21 UTC | Type: | --- |
Bug Depends On: | 1734639, 1734640, 1734642 | ||
Bug Blocks: | 1734641 |
Description
Dhananjay Arunesh
2019-07-31 07:00:58 UTC
Created mingw-libjpeg-turbo tracking bugs for this issue:

Affects: epel-7 [bug 1734640]
Affects: fedora-all [bug 1734639]

Created libjpeg-turbo tracking bugs for this issue:

Affects: fedora-all [bug 1734642]

Analysis:

As per upstream, this is a corner case of handling JPEG images, in which the header says that the size of the JPEG image is 32k x 64k, however the decompressor is not able to handle the data, progressive decompression. libjpeg prints a warning and goes ahead with decompression, which results in a large amount of memory being allocated and in the end may result in DoS via memory exhaustion or even an application crash. Upstream suggests that applications compiled against libjpeg-turbo should treat these warnings as fatal and abort parsing the image. They do not consider this issue as a security flaw, therefore no patch will be available.

Statement:

Upstream suggests that applications compiled against libjpeg-turbo should treat these warnings as fatal and abort parsing the image. They do not consider this issue as a security flaw.
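
A complementary pre-decode check for the condition described in the analysis, as an added example that is not part of the bug report or of libjpeg-turbo: it reads the declared width and height from the JPEG frame header and refuses images over a pixel budget before any decoder memory is allocated. The function names, the `MAX_PIXELS` limit and the two sample headers are assumptions constructed for illustration; the check does not replace the warning handling upstream recommends.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy limit: refuse images that declare more pixels than this. */
#define MAX_PIXELS (64ull * 1024 * 1024)

typedef struct { unsigned width, height, components; int progressive; } jpeg_dims;

/* Walk the marker segments and fill *out from the first SOFn (frame header).
 * Returns 0 on success, -1 if the header is malformed, truncated or has no SOFn. */
int jpeg_declared_dims(const uint8_t *p, size_t n, jpeg_dims *out)
{
    if (n < 4 || p[0] != 0xFF || p[1] != 0xD8) return -1;       /* SOI missing */
    size_t i = 2;
    while (i + 4 <= n) {
        if (p[i] != 0xFF) return -1;
        uint8_t m = p[i + 1];
        if (m == 0xFF) { i++; continue; }                       /* fill byte */
        size_t len = ((size_t)p[i + 2] << 8) | p[i + 3];        /* includes itself */
        if (len < 2 || i + 2 + len > n) return -1;              /* truncated segment */
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            if (len < 8) return -1;
            out->height = ((unsigned)p[i + 5] << 8) | p[i + 6];
            out->width = ((unsigned)p[i + 7] << 8) | p[i + 8];
            out->components = p[i + 9];
            out->progressive = (m == 0xC2 || m == 0xC6 || m == 0xCA || m == 0xCE);
            return 0;
        }
        if (m == 0xDA || m == 0xD9) return -1;    /* scan or EOI before any SOFn */
        i += 2 + len;
    }
    return -1;
}

/* Returns 1 if the image may be handed to the decoder, 0 if it must be refused. */
int jpeg_within_budget(const uint8_t *p, size_t n)
{
    jpeg_dims d;
    if (jpeg_declared_dims(p, n, &d) != 0) return 0;
    if (d.width == 0 || d.height == 0 || d.components == 0) return 0;
    return (uint64_t)d.width * d.height <= MAX_PIXELS;
}

/* Constructed headers (SOI + one SOF segment only, no image data):
 * progressive 32768 x 65535, and baseline 640 x 480. */
const uint8_t sample_large[] = {0xFF,0xD8,0xFF,0xC2,0,11,8,0xFF,0xFF,0x80,0x00,1,1,0x11,0};
const uint8_t sample_small[] = {0xFF,0xD8,0xFF,0xC0,0,11,8,0x01,0xE0,0x02,0x80,1,1,0x11,0};

int main(void) {
    printf("large: %d\n", jpeg_within_budget(sample_large, sizeof sample_large));
    printf("small: %d\n", jpeg_within_budget(sample_small, sizeof sample_small));
    return 0;
}
```
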