libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813)
CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference
in jdpostct.c and jquant1.c
via a crafted JPEG file.
CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of
service vulnerability caused by
a divide by zero when processing a crafted BMP image.
CVE-2018-11813: “cjpeg” utility large loop because read_pixel in rdtarga.c mishandles EOF
(from redmine: issue id 9426, created on 2018-09-20, closed on 2018-09-27)