Candidate: CVE-2017-9614
PublicDate: 2017-07-27 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9614
 http://seclists.org/fulldisclosure/2017/Jul/66
Description:
 The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows
 remote attackers to cause a denial of service (invalid memory access and
 application crash) or possibly have unspecified other impact via a crafted
 jpg file.
Ubuntu-Description:
Notes:
 mdeslaur> this isn't actually a security issue in libjpeg-turbo, it is a
 mdeslaur> bad usage of the API. See upstream bug.
Bugs:
 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869927
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_libjpeg-turbo:
upstream_libjpeg-turbo: needed
precise/esm_libjpeg-turbo: not-affected
trusty_libjpeg-turbo: not-affected
trusty/esm_libjpeg-turbo: not-affected
vivid/ubuntu-core_libjpeg-turbo: DNE
xenial_libjpeg-turbo: not-affected
esm-infra/xenial_libjpeg-turbo: not-affected
zesty_libjpeg-turbo: ignored (reached end-of-life)
artful_libjpeg-turbo: not-affected
bionic_libjpeg-turbo: not-affected
devel_libjpeg-turbo: not-affected