Lucene search

Gentoo FoundationGLSA-200606-11

HistoryJun 11, 2006 - 12:00 a.m.

JPEG library: Denial of service

2006-06-1100:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.005

Percentile

77.2%

JSON

Background

The JPEG library is able to load, handle and manipulate images in the JPEG format.

Description

Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended.

Impact

By enticing a user to load a specially crafted JPEG image file an attacker could cause a Denial of Service, due to memory exhaustion.

Workaround

There is no known workaround at this time.

Resolution

JPEG users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-libs/jpeg-6b-r7"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/jpeg< 6b-r7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-libs/jpeg	< 6b-r7	UNKNOWN

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.005

Percentile

77.2%

JSON

Related for GLSA-200606-11