PublicDateAtUSN: 2017-10-10 Candidate: CVE-2014-9092 PublicDate: 2017-10-10 13:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9092 http://www.openwall.com/lists/oss-security/2014/11/26/8 https://ubuntu.com/security/notices/USN-3706-1 https://ubuntu.com/security/notices/USN-3706-2 Description: libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. Ubuntu-Description: Notes: mdeslaur> libjpeg-turbo in Ubuntu is not based on the Debian package. Bugs: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1385903 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26482&sid=81658bc2f51a8d9893279cd01e83783f http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369 http://sourceforge.net/p/libjpeg-turbo/bugs/64/ Priority: low Discovered-by: Bastien ROUCARIES Assigned-to: mdeslaur CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM] Patches_libjpeg-turbo: upstream: http://sourceforge.net/p/libjpeg-turbo/code/1365/ upstream: http://sourceforge.net/p/libjpeg-turbo/code/1367/ upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/402a715f82313384ef4606660c32d8678c79f197 Tags_libjpeg-turbo: stack-protector upstream_libjpeg-turbo: released (1:1.3.1-11) lucid_libjpeg-turbo: DNE precise_libjpeg-turbo: ignored (reached end-of-life) precise/esm_libjpeg-turbo: released (1.1.90+svn733-0ubuntu4.5) trusty_libjpeg-turbo: released (1.3.0-0ubuntu2.1) trusty/esm_libjpeg-turbo: released (1.3.0-0ubuntu2.1) utopic_libjpeg-turbo: ignored (reached end-of-life) vivid_libjpeg-turbo: ignored (reached end-of-life) vivid/stable-phone-overlay_libjpeg-turbo: ignored (reached end-of-life) vivid/ubuntu-core_libjpeg-turbo: DNE wily_libjpeg-turbo: ignored (reached end-of-life) xenial_libjpeg-turbo: not-affected (1.4.2-0ubuntu3) esm-infra/xenial_libjpeg-turbo: not-affected (1.4.2-0ubuntu3) yakkety_libjpeg-turbo: not-affected (1.5.0-0ubuntu1) zesty_libjpeg-turbo: not-affected (1.5.1-0ubuntu1) artful_libjpeg-turbo: not-affected (1.5.1-0ubuntu1) bionic_libjpeg-turbo: not-affected (1.5.1-0ubuntu1) devel_libjpeg-turbo: not-affected (1.5.1-0ubuntu1)