An out of bounds read flaw was found in the libjpeg-turbo component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=1234259
External References:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
Created chromium tracking bugs for this issue:
Affects: epel-all [bug 2006932]
Affects: fedora-all [bug 2006931]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Created libjpeg-turbo tracking bugs for this issue:
Affects: fedora-all [bug 2007307]
Created mingw-libjpeg-turbo tracking bugs for this issue:
Affects: fedora-all [bug 2007309]
The upstream bug report remains private at this point. However, its bug is referenced by this commit:
https://source.chromium.org/chromium/_/chromium/chromium/deps/libjpeg_turbo.git/+/ff19e5b2e176c61d552f68768e0e051867745321
https://chromium-review.googlesource.com/c/chromium/deps/libjpeg_turbo/+/3085321
This commit updates libjpeg-turbo bundled with Chromium sources from version 2.1.0 to 2.1.1. The CVE assignment seems to be for this change mentioned in the commit message:
"""
Notable changes include a fix for a crash in the 64-bit SSE2 Huffman encoder.
"""
This should correspond to the following libjpeg-turbo commit:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2849d86aaae168fcac2e1b6c373c249781a41c5c
Note that the commit message notes the problem was introduced in commit 087c29e, which was added in version 2.0.90 according to git tags.
This is the libjpeg-turbo upstream bug report, which points back to the Chromium bug:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/543
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-37972