]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 4a4413a) | patch
libjpeg-turbo: Fix CVE-2020-13790
authorjason.lau <Haitao.Liu@windriver.com>
Thu, 18 Jun 2020 08:31:36 +0000 (16:31 +0800)
committerAnuj Mittal <anuj.mittal@intel.com>
Mon, 29 Jun 2020 05:17:11 +0000 (13:17 +0800)
commit90f4e2f299d8cd6c839b73307dc7b0ec3d389294
tree0569e94e61dd9c445f6b74647294f7cd6049b736tree | snapshot
parent4a4413aa521f35414d94f883a74aec3beb628a9acommit | diff
libjpeg-turbo: Fix CVE-2020-13790

libjpeg-turbo 2.0.4 has a heap-based buffer over-read
in get_rgb_row() in rdppm.c via a malformed PPM input file.

Upstream-Status: Backport
[https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a]

CVE:CVE-2020-13790

Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch [new file with mode: 0644] blob
meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb diff | blob | history
Mirror of the official openembedded-core repository