Debian 10261 Published by

A libjpeg-turbo security update has been released for Debian GNU/Linux 8 Extended LTS to address two security vulnerabilities.



ELA-276-1 libjpeg-turbo security update

Package libjpeg-turbo
Version 1:1.3.1-12+deb8u3
Related CVEs CVE-2020-13790 CVE-2020-14152

Two security vulnerabilities were discovered in libjpeg-turbo, a library for handling JPEG image files.

CVE-2020-13790

Heap-based buffer over-read via a PPM input file.
CVE-2020-14152

Improper handling of max_memory_to_use setting can lead to excessive memory
consumption.
For Debian 8 jessie, these problems have been fixed in version 1:1.3.1-12+deb8u3.

We recommend that you upgrade your libjpeg-turbo packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-276-1 libjpeg-turbo security update