Info

Disclosure

Jun 11, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Gentoo has issued an update for jpeg. This fixes a security issue, which potentially can be malicious people to cause a DoS (Denial of Service) against applications and services using the jpeg library. The security issue is caused due to the library being compiled without enabling the "--enable-maxmem" feature. This can potentially be exploited to cause a DoS against applications that use the library via a specially crafted JPEG image file that consumes large amount of memory resources.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version "media-libs/jpeg-6b-r7" or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Gentoo Linux

Jpeg Library

6b-r6

References

CVE ID: 2006-3005 (see also: NVD)
Secunia Advisory ID: 20563
Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=130889
Packet Storm: http://packetstormsecurity.org/0606-advisories/glsa-200606-11.txt
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200606-11.xml

Credit

Tavis Ormandy - Gentoo Linux Auditing Team

Direct URL: http://osvdb.org/26317