A heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Red Hat would like to thank Chris Evans of the Google Security Team for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
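A defensive pre-check for the condition described above, as an added example that is not code from libjpeg-turbo or from this report: it walks the marker segments of an untrusted JPEG and rejects any frame or scan header whose component count is out of range or disagrees with its segment length. The report does not say which header field was involved, so both the SOF count (Nf) and the SOS count (Ns) are checked; the function name, the limits (libjpeg's default of 10 components per frame, the JPEG limit of 4 per scan) and the sample bytes are assumptions of this example.

```c
#include <stdio.h>

#define MAX_FRAME_COMPS 10  /* assumed limit: libjpeg's default MAX_COMPONENTS */
#define MAX_SCAN_COMPS   4  /* JPEG limit on Ns (libjpeg's MAX_COMPS_IN_SCAN) */

/* Returns 1 if every SOF/SOS segment declares a component count that is in
 * range and matches its segment length; 0 if malformed or out of range. */
int jpeg_counts_ok(const unsigned char *b, size_t n)
{
    size_t p = 2;
    int saw_sof = 0;
    if (n < 4 || b[0] != 0xFF || b[1] != 0xD8) return 0;       /* need SOI */
    while (p + 1 < n) {
        if (b[p] != 0xFF) return 0;
        unsigned m = b[p + 1];
        if (m == 0xFF) { p++; continue; }                       /* fill byte */
        p += 2;
        if (m == 0xD9) return saw_sof;                          /* EOI */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) continue;    /* no payload */
        if (p + 2 > n) return 0;
        size_t len = ((size_t)b[p] << 8) | b[p + 1];            /* includes itself */
        if (len < 2 || len > n - p) return 0;
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            unsigned nf = len >= 8 ? b[p + 7] : 0;              /* SOF: Nf */
            if (nf < 1 || nf > MAX_FRAME_COMPS || len != 8u + 3u * nf) return 0;
            saw_sof = 1;
        } else if (m == 0xDA) {
            unsigned ns = len >= 3 ? b[p + 2] : 0;              /* SOS: Ns */
            if (ns < 1 || ns > MAX_SCAN_COMPS || len != 6u + 2u * ns) return 0;
        }
        p += len;
        if (m == 0xDA)  /* skip entropy-coded data up to the next real marker */
            while (p + 1 < n && !(b[p] == 0xFF && b[p + 1] != 0x00 &&
                                  !(b[p + 1] >= 0xD0 && b[p + 1] <= 0xD7)))
                p++;
    }
    return 0;  /* ran off the end without EOI */
}

/* Constructed samples: SOI, SOF0 (Nf=1), SOS, one data byte, EOI.
 * BAD differs only in the SOS component count (0xFF instead of 1). */
static const unsigned char GOOD[] = {0xFF,0xD8, 0xFF,0xC0,0,11,8,0,1,0,1,1,1,0x11,0,
    0xFF,0xDA,0,8,1,1,0,0,0x3F,0, 0x7F, 0xFF,0xD9};
static const unsigned char BAD[] = {0xFF,0xD8, 0xFF,0xC0,0,11,8,0,1,0,1,1,1,0x11,0,
    0xFF,0xDA,0,8,0xFF,1,0,0,0x3F,0, 0x7F, 0xFF,0xD9};

int main(void) {
    printf("good=%d bad=%d\n", jpeg_counts_ok(GOOD, sizeof GOOD), jpeg_counts_ok(BAD, sizeof BAD));
    return 0;
}
```

A check like this belongs in front of the decoder as defence in depth for untrusted uploads; it does not replace updating to the fixed libjpeg-turbo build.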
Created libjpeg-turbo tracking bugs for this issue
Affects: fedora-all [bug 840719]
libjpeg-turbo-1.2.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.