Bug 1160884 (CVE-2016-3616) - VUL-0: CVE-2016-3616: libjpeg-turbo: null pointer dereference in cjpeg CLI
Summary: VUL-0: CVE-2016-3616: libjpeg-turbo: null pointer dereference in cjpeg CLI
Status: RESOLVED WORKSFORME
Alias: CVE-2016-3616
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/165152/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-14 10:19 UTC by Wolfgang Frisch
Modified: 2020-01-14 10:23 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
crasherfile (25 bytes, application/octet-stream)
2020-01-14 10:22 UTC, Wolfgang Frisch 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2020-01-14 10:19:37 UTC 
CVE-2016-3616

The cjpeg utility in libjpeg allowed remote attackers to cause a
denial of service (NULL pointer dereference and application crash) or
execute arbitrary code via a crafted file.

This issue got fixed by the same patch that fixed CVE-2018-11213 and
CVE-2018-11214.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1318509
https://bugzilla.redhat.com/show_bug.cgi?id=1319661
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3616
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3616.html
https://access.redhat.com/errata/RHSA-2019:2052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3616
https://usn.ubuntu.com/3706-2/
https://usn.ubuntu.com/3706-1/
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
Comment 1 Wolfgang Frisch 2020-01-14 10:22:25 UTC 
Created attachment 827490 [details]
crasherfile

QA REPRODUCER:
cjpeg -outfile /dev/null crasherfile

This should segfault if cjpeg is vulnerable.
Comment 2 Wolfgang Frisch 2020-01-14 10:23:58 UTC 
Not affected:
SUSE:SLE-12:Update
SUSE:SLE-15:Update

Closing.