An out of bounds read flaw was found in the libjpeg-turbo component of the Chromium browser.
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 2006932]
Affects: fedora-all [bug 2006931]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Created libjpeg-turbo tracking bugs for this issue:
Affects: fedora-all [bug 2007307]
Created mingw-libjpeg-turbo tracking bugs for this issue:
Affects: fedora-all [bug 2007309]
The upstream bug report remains private at this point. However, its bug is referenced by this commit:
This commit updates libjpeg-turbo bundled with Chromium sources from version 2.1.0 to 2.1.1. The CVE assignment seems to be for this change mentioned in the commit message:
Notable changes include a fix for a crash in the 64-bit SSE2 Huffman
This should correspond to the following libjpeg-turbo commit:
Note that the commit message notes the problem was introduced in commit 087c29e, which was added in version 2.0.90 according git tags.
This is libjpeg-turbo upstream bug report, that points back to the Chromium bug:
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):