Bug 1160884 - (CVE-2016-3616) VUL-0: CVE-2016-3616: libjpeg-turbo: null pointer dereference in cjpeg CLI
(CVE-2016-3616)
VUL-0: CVE-2016-3616: libjpeg-turbo: null pointer dereference in cjpeg CLI
Status: RESOLVED WORKSFORME
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/165152/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-01-14 10:19 UTC by Wolfgang Frisch
Modified: 2020-01-14 10:23 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
crasherfile (25 bytes, application/octet-stream)
2020-01-14 10:22 UTC, Wolfgang Frisch
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2020-01-14 10:19:37 UTC
CVE-2016-3616

The cjpeg utility in libjpeg allowed remote attackers to cause a
denial of service (NULL pointer dereference and application crash) or
execute arbitrary code via a crafted file.

This issue got fixed by the same patch that fixed CVE-2018-11213 and
CVE-2018-11214.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1318509
https://bugzilla.redhat.com/show_bug.cgi?id=1319661
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3616
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3616.html
https://access.redhat.com/errata/RHSA-2019:2052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3616
https://usn.ubuntu.com/3706-2/
https://usn.ubuntu.com/3706-1/
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
Comment 1 Wolfgang Frisch 2020-01-14 10:22:25 UTC
Created attachment 827490 [details]
crasherfile

QA REPRODUCER:
cjpeg -outfile /dev/null crasherfile

This should segfault if cjpeg is vulnerable.
Comment 2 Wolfgang Frisch 2020-01-14 10:23:58 UTC
Not affected:
SUSE:SLE-12:Update
SUSE:SLE-15:Update

Closing.