libjpeg-turbo: User-assisted execution of arbitrary code An out-of-bounds read in libjpeg-turbo might allow remote attackers to execute arbitrary code. libjpeg-turbo 2016-12-31 2016-12-31 585782 remote 1.5.0 1.5.0

libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression.

The accelerated Huffman decoder was previously invoked if there were 128 bytes in the input buffer. However, it is possible to construct a JPEG image with Huffman blocks > 430 bytes in length. This release simply increases the minimum buffer size for the accelerated Huffman decoder to 512 bytes, which should accommodate any possible input.

A remote attacker could coerce the victim to run a specially crafted image file resulting in the execution of arbitrary code.

There is no known workaround at this time.

All libjpeg-turbo users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-1.5.0" LJT-01-005 Prevent overread when decoding malformed JPEG b-man b-man