A vulnerability was found in libjpeg-turbo 2.0.2: a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes. References: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/337 and https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf
Created mingw-libjpeg-turbo tracking bugs for this issue: Affects: epel-7 [bug 1734640] Affects: fedora-all [bug 1734639]
Created libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 1734642]
Analysis: As per upstream, this is a corner case of handling JPEG images, in which the header says that the size of the JPEG image is 32k x 64k; however, the decompressor is not able to handle the data (progressive decompression). libjpeg prints a warning and goes ahead with decompression, which results in a large amount of memory being allocated and in the end may result in DoS via memory exhaustion or even an application crash. Upstream suggests that applications compiled against libjpeg-turbo should treat these warnings as fatal and abort parsing the image. They do not consider this issue a security flaw, therefore no patch will be available.
Statement: Upstream suggests that applications compiled against libjpeg-turbo should treat these warnings as fatal and abort parsing the image. They do not consider this issue a security flaw.
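The vendor's note also mentions setting limits on image sizes. The following is an added example, not code from libjpeg-turbo or from this bug report: a dependency-free pre-decode check that reads the declared dimensions from the JPEG frame header and rejects oversized images before any decoder runs. The `MAX_PIXELS` policy value, the function name and both byte-string samples are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dim_status { DIM_OK, DIM_TOO_LARGE, DIM_MALFORMED };
#define MAX_PIXELS (64ULL * 1024 * 1024)  /* assumed application policy */

/* Constructed sample: SOI, APP0 stub, SOF2 (progressive) declaring
 * width 32768 x height 65535, the kind of header described above. */
static const uint8_t sample_huge[] = {
    0xFF,0xD8, 0xFF,0xE0,0x00,0x04,0x00,0x00,
    0xFF,0xC2,0x00,0x0B,0x08, 0xFF,0xFF, 0x80,0x00, 0x01,0x01,0x11,0x00 };
/* Constructed sample: baseline SOF0 declaring 640 x 480. */
static const uint8_t sample_small[] = {
    0xFF,0xD8, 0xFF,0xC0,0x00,0x0B,0x08, 0x01,0xE0, 0x02,0x80, 0x01,0x01,0x11,0x00 };

/* Walk marker segments to the first SOFn and check declared dimensions
 * against MAX_PIXELS before any decoder allocates memory for the image. */
enum dim_status check_jpeg_dims(const uint8_t *p, size_t n,
                                unsigned *w, unsigned *h, int *progressive)
{
    size_t i = 2;
    if (n < 4 || p[0] != 0xFF || p[1] != 0xD8) return DIM_MALFORMED; /* SOI */
    while (i + 4 <= n) {
        uint8_t m = p[i + 1];
        if (p[i] != 0xFF) return DIM_MALFORMED;
        if (m == 0xFF) { i++; continue; }                 /* fill byte */
        if (m == 0xD9 || m == 0xDA) return DIM_MALFORMED; /* EOI/SOS before SOF */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) { i += 2; continue; }
        size_t len = ((size_t)p[i + 2] << 8) | p[i + 3];  /* length includes itself */
        if (len < 2 || len > n - i - 2) return DIM_MALFORMED;
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            if (len < 8) return DIM_MALFORMED;
            *h = ((unsigned)p[i + 5] << 8) | p[i + 6];
            *w = ((unsigned)p[i + 7] << 8) | p[i + 8];
            *progressive = (m & 0x03) == 2;               /* SOF2/6/10/14 */
            if (*w == 0 || *h == 0) return DIM_MALFORMED; /* zero size not accepted here */
            return ((unsigned long long)*w * *h > MAX_PIXELS) ? DIM_TOO_LARGE : DIM_OK;
        }
        i += 2 + len;                                     /* skip to next marker */
    }
    return DIM_MALFORMED;                                 /* no frame header found */
}

int main(void)
{
    unsigned w = 0, h = 0; int prog = 0;
    enum dim_status s = check_jpeg_dims(sample_huge, sizeof sample_huge, &w, &h, &prog);
    printf("%ux%u progressive=%d -> %s\n", w, h, prog,
           s == DIM_OK ? "decode" : "reject before decompression");
    return 0;
}
```

A size check of this kind complements, and does not replace, the other vendor recommendation of treating libjpeg warnings as fatal, since a header with plausible dimensions can still be followed by data that triggers the warning.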