user/libjpeg-turbo: CVE-2019-13960: excessive memory usage on image with incorrect width/height
Bugzilla ID | 172 |
Alias(es) | CVE-2019-13960 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-08-03 00:54:49 -0500 |
Modified | 2019-08-03 00:57:19 -0500 |
Status | RESOLVED INVALID |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13960 |
Description
** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be
used during processing of an invalid progressive JPEG image containing
incorrect width and height values in the image header. NOTE: the
vendor's expectation, for use cases in which this memory usage would
be a denial of service, is that the application should interpret
libjpeg warnings as fatal errors (aborting decompression) and/or set
limits on resource consumption or image sizes.
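
One way an application can apply the "limits on ... image sizes" mitigation named in the description, as an added example that is not code from libjpeg-turbo or from this bug report: read the declared frame size from the first SOFn marker and reject the file before it reaches the decoder. The function name, result codes, sample byte arrays and the 2^24-pixel budget are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum { JPC_OK = 0, JPC_MALFORMED = -1, JPC_TOO_LARGE = -2 };

/* Constructed samples: SOI, optional APP0, then an SOF2 (progressive) header. */
const uint8_t sample_small[] = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'J','F',
    0xFF,0xC2,0x00,0x0B,0x08, 0x00,0x10, 0x00,0x20, 0x01,0x01,0x11,0x00 }; /* 32x16 */
const uint8_t sample_huge[] = { 0xFF,0xD8,
    0xFF,0xC2,0x00,0x0B,0x08, 0xFF,0xFF, 0xFF,0xFF, 0x01,0x01,0x11,0x00 }; /* 65535x65535 */

/* SOF0..SOF15 carry the frame size; C4 (DHT), C8 (JPG), CC (DAC) do not. */
static int is_sof(uint8_t m) {
    return m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC;
}

/* Walk marker segments up to the first SOFn and enforce a pixel budget
 * on the declared frame size, without allocating anything. */
int jpeg_precheck(const uint8_t *buf, size_t len, uint64_t max_pixels,
                  unsigned *width, unsigned *height) {
    size_t i = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return JPC_MALFORMED;
    while (i + 4 <= len) {
        uint8_t m = buf[i + 1];
        if (buf[i] != 0xFF) return JPC_MALFORMED;
        if (m == 0xFF) { i++; continue; }                 /* fill byte */
        /* Stuffed zero, TEM, RSTn, SOI, EOI or SOS before any SOF: reject. */
        if (m == 0x00 || m == 0x01 || (m >= 0xD0 && m <= 0xDA)) return JPC_MALFORMED;
        size_t seglen = ((size_t)buf[i + 2] << 8) | buf[i + 3];
        if (seglen < 2 || seglen > len - i - 2) return JPC_MALFORMED; /* truncated */
        if (is_sof(m)) {
            if (seglen < 8) return JPC_MALFORMED;
            *height = ((unsigned)buf[i + 5] << 8) | buf[i + 6];
            *width  = ((unsigned)buf[i + 7] << 8) | buf[i + 8];
            if (*width == 0 || *height == 0) return JPC_MALFORMED;
            return (uint64_t)*width * *height > max_pixels ? JPC_TOO_LARGE : JPC_OK;
        }
        i += 2 + seglen;
    }
    return JPC_MALFORMED; /* no SOF found */
}

int main(void) {
    unsigned w = 0, h = 0;
    int r = jpeg_precheck(sample_small, sizeof sample_small, 1u << 24, &w, &h);
    printf("small: %d (%ux%u)\n", r, w, h);
    r = jpeg_precheck(sample_huge, sizeof sample_huge, 1u << 24, &w, &h);
    printf("huge:  %d (%ux%u)\n", r, w, h);
    return 0;
}
```

This covers only the image-size limit; the other mitigation in the description, treating libjpeg warnings as fatal, belongs in the application's libjpeg error manager.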