ELA-276-1 libjpeg-turbo security update

buffer over-read

2020-09-04
Packagelibjpeg-turbo
Version1:1.3.1-12+deb8u3
Related CVEs CVE-2020-13790 CVE-2020-14152

Two security vulnerabilities were discovered in libjpeg-turbo, a library for handling JPEG image files.

CVE-2020-13790

Heap-based buffer over-read via a PPM input file.

CVE-2020-14152

Improper handling of max_memory_to_use setting can lead to excessive memory
consumption.

For Debian 8 jessie, these problems have been fixed in version 1:1.3.1-12+deb8u3.

We recommend that you upgrade your libjpeg-turbo packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/