libjpeg-turbo: code execution (CVE-2019-2201)
There is an integer overflow and subsequent heap corruption in libjpeg-turbo 2.0.3 and earlier.
References:
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
- https://www.openwall.com/lists/oss-security/2019/11/11/1
Patch:
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad