CVE-2021-0384 log

Source
Severity Low
Remote No
Type Denial of service
Description
A security issue was found in libjpeg-turbo before version 2.1. Undefined behaviour, namely applying a zero offset to a null pointer in the jpeg_skip_scanlines() function, could lead to an application crash.
Group Package Affected Fixed Severity Status Ticket
AVG-1642 lib32-libjpeg6-turbo 1.5.3-2 Low Vulnerable
AVG-1641 libjpeg6-turbo 1.5.3-2 Low Vulnerable
AVG-1640 lib32-libjpeg-turbo 2.0.6-1 Low Vulnerable
AVG-1639 libjpeg-turbo 2.0.6-1 Low Vulnerable
References
https://source.android.com/security/bulletin/pixel/2021-03-01
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/470
https://android.googlesource.com/platform/external/libjpeg-turbo/+/080c4cc6fa41ec10eed0ff8253b02065b1d746dc
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6d2e8837b440ce4d8befd805a5abc0d351028d70