Candidate: CVE-2016-6702
PublicDate: 2016-11-25 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6702
 https://source.android.com/security/bulletin/2016-11-01.html
 https://github.com/android-security/android_external_jpeg/commit/19a6799932f7468f24c972f9acfc314ebbfc9ab2
Description:
 A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.
Ubuntu-Description:
Notes:
 jdstrand> libjpeg on android. chromium-browser uses system libjpeg
 mdeslaur> PoC is here: https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-6702
 mdeslaur> libjpeg-turbo in Debian/Ubuntu has a stub for jpeg_open_backing_store
 mdeslaur> this is an issue in the android ashmem backing store
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_chromium-browser:
upstream_chromium-browser: needs-triage
precise_chromium-browser: not-affected (code not present)
precise/esm_chromium-browser: DNE (precise was not-affected [code not present])
trusty_chromium-browser: ignored (uses system libjpeg-turbo8)
trusty/esm_chromium-browser: DNE (trusty was ignored [uses system libjpeg-turbo8])
vivid/ubuntu-core_chromium-browser: DNE
vivid/stable-phone-overlay_chromium-browser: DNE
xenial_chromium-browser: ignored (uses system libjpeg-turbo8)
yakkety_chromium-browser: ignored (uses system libjpeg-turbo8)
zesty_chromium-browser: ignored (uses system libjpeg-turbo8)
artful_chromium-browser: ignored (uses system libjpeg-turbo8)
bionic_chromium-browser: ignored (uses system libjpeg-turbo8)
devel_chromium-browser: ignored (uses system libjpeg-turbo8)

Patches_oxide-qt:
upstream_oxide-qt: needs-triage
precise_oxide-qt: DNE
precise/esm_oxide-qt: DNE
trusty_oxide-qt: not-affected (code not present)
trusty/esm_oxide-qt: DNE (trusty was not-affected [code not present])
vivid/ubuntu-core_oxide-qt: DNE
vivid/stable-phone-overlay_oxide-qt: not-affected (code not present)
xenial_oxide-qt: ignored (uses system libjpeg-turbo8)
esm-infra/xenial_oxide-qt: ignored (uses system libjpeg-turbo8)
yakkety_oxide-qt: ignored (uses system libjpeg-turbo8)
zesty_oxide-qt: ignored (uses system libjpeg-turbo8)
artful_oxide-qt: ignored (uses system libjpeg-turbo8)
bionic_oxide-qt: DNE
devel_oxide-qt: DNE

Patches_android:
upstream_android: released (4.4.4, 5.0.2, 5.1.1)
precise_android: DNE
precise/esm_android: DNE
trusty_android: ignored (abandoned)
trusty/esm_android: DNE (trusty was ignored [abandoned])
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
xenial_android: ignored (abandoned)
yakkety_android: ignored (reached end-of-life)
zesty_android: ignored (reached end-of-life)
artful_android: DNE
bionic_android: DNE
devel_android: DNE

Patches_libjpeg6b:
upstream_libjpeg6b: needs-triage
precise_libjpeg6b: not-affected (code not present)
precise/esm_libjpeg6b: DNE (precise was not-affected [code not present])
trusty_libjpeg6b: not-affected (code not present)
trusty/esm_libjpeg6b: not-affected (code not present)
vivid/stable-phone-overlay_libjpeg6b: DNE
vivid/ubuntu-core_libjpeg6b: DNE
xenial_libjpeg6b: not-affected (code not present)
yakkety_libjpeg6b: not-affected (code not present)
zesty_libjpeg6b: not-affected (code not present)
artful_libjpeg6b: not-affected (code not present)
bionic_libjpeg6b: not-affected (code not present)
devel_libjpeg6b: not-affected (code not present)

Patches_libjpeg9:
upstream_libjpeg9: needs-triage
precise_libjpeg9: DNE
precise/esm_libjpeg9: DNE
trusty_libjpeg9: DNE
trusty/esm_libjpeg9: DNE
vivid/stable-phone-overlay_libjpeg9: DNE
vivid/ubuntu-core_libjpeg9: DNE
xenial_libjpeg9: not-affected (code not present)
yakkety_libjpeg9: not-affected (code not present)
zesty_libjpeg9: not-affected (code not present)
artful_libjpeg9: not-affected (code not present)
bionic_libjpeg9: not-affected (code not present)
devel_libjpeg9: not-affected (code not present)

Patches_libjpeg-turbo:
upstream_libjpeg-turbo: needs-triage
precise_libjpeg-turbo: not-affected (code not present)
precise/esm_libjpeg-turbo: not-affected (code not present)
trusty_libjpeg-turbo: not-affected (code not present)
trusty/esm_libjpeg-turbo: not-affected (code not present)
vivid/stable-phone-overlay_libjpeg-turbo: not-affected (code not present)
vivid/ubuntu-core_libjpeg-turbo: DNE
xenial_libjpeg-turbo: not-affected (code not present)
esm-infra/xenial_libjpeg-turbo: not-affected (code not present)
yakkety_libjpeg-turbo: not-affected (code not present)
zesty_libjpeg-turbo: not-affected (code not present)
artful_libjpeg-turbo: not-affected (code not present)
bionic_libjpeg-turbo: not-affected (code not present)
devel_libjpeg-turbo: not-affected (code not present)