libjpeg-turbo: Information disclosure

libjpeg-turbo: Information disclosure An information disclosure vulnerability in libjpeg-turbo allow remote attackers to obtain sensitive information. libjpeg-turbo 2020-10-20 2020-10-20 727010 local, remote 1.5.3-r3 2.0.4-r1 2.0.4-r1

libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.

It was discovered that libjpeg-turbo incorrectly handled certain PPM files.

A remote attacker could entice a user to open a specially crafted PPM file using an application linked against libjpeg-turbo, possibly allowing attacker to obtain sensitive information.

There is no known workaround at this time.

All libjpeg-turbo 1.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=media-libs/libjpeg-turbo-1.5.3-r3:0/0.1"

All libjpeg-turbo 2.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=media-libs/libjpeg-turbo-2.0.4-r1:0/0.2"

CVE-2020-13790 sam_c whissi