Debian 10261 Published by

A libjpeg-turbo security update has been released for Debian GNU/Linux 9 Extended LTS.



ELA-639-1 libjpeg-turbo security update

Package libjpeg-turbo
Version 1:1.5.1-2+deb9u3 (stretch)
Related CVEs CVE-2021-46822

A heap-based buffer overflow vulnerability was found in the libjpeg-turbo image library in the get_word_rgb_row() function in rdppm.c. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.

For Debian 9 stretch, these problems have been fixed in version 1:1.5.1-2+deb9u3.

We recommend that you upgrade your libjpeg-turbo packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-639-1 libjpeg-turbo security update