Bug 1937385 (CVE-2021-20205)
Summary: | CVE-2021-20205 libjpeg-turbo: DoS via open crafted GIF | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | dcommander, erik-fedora, kaycoth, klember, manisandro, negativo17, nforro, phracek, rh-spice-bugs, rjones, vonsch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libjpeg-turbo 2.1 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in libjpeg-turbo (versions 2.0.91 and 2.0.90) and is vulnerable to a denial of service issue caused by a divide by zero when processing a crafted GIF image. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-02 23:11:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1937387, 1937388, 1938013 | ||
Bug Blocks: | 1937390 |
Description
Dhananjay Arunesh
2021-03-10 14:31:53 UTC
Created libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 1937387] Created mingw-libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 1937388] Denial of service? Really? What, pray tell, is the "service" that was being denied? This bug was confined to the cjpeg application, whose main purpose is to demonstrate the usage of the libjpeg API library. The library itself was not affected, and thus no other applications were affected. Assigning a CVE to this seems like an overreaction, particularly given that the bug was a regression introduced by a new feature in a beta (non-production) release of libjpeg-turbo, and the bug was fixed two months before this Bugzilla issue was even created. To those in the open source community, please stop abusing the term "DoS". cjpeg is not, by any stretch of the imagination, a "service", and if it crashes rather than bowing out gracefully on a corrupt input image, that isn't a "denial of service." Statement: This flaw does not affect versions of libjpeg-turbo shipped with Red Hat Enterprise Linux versions 6, 7, or 8. Additionally, it is not in the library, only the cjpeg utility. Correct. More specifically, the flaw only affects libjpeg-turbo 2.1 beta1. It was introduced as part of a new feature in libjpeg-turbo 2.1 that adds support for creating JPEG files from LZW-compressed GIF files using cjpeg. Also please note that 2.0.91 is not an official release of libjpeg-turbo. 2.0.90 is 2.1 beta1. The version number in the Git repository was bumped to 2.0.91 for post-beta commits, but that version number would only become official if it were necessary to put out a beta2 release (which it isn't.) Thus, to be 100% correct, this issue affects: - The official 2.0.90 (2.1 beta1) release - Any unofficial/pre-release builds with a version number of 2.0.91 and a build number < 20210114 |