Log

CVE-2019-2201 edited at 11 Nov 2019 16:23:15
References
https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
+ https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
CVE-2019-2201 edited at 11 Nov 2019 16:09:58
Description
+ Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images.
AVG-1067 edited at 11 Nov 2019 16:06:38
Severity
- Unknown
+ High
CVE-2019-2201 edited at 11 Nov 2019 16:06:38
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
References
+ https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
Notes
AVG-1067 edited at 11 Nov 2019 16:03:49
Advisory qualified
- Yes
+ No
AVG-1067 created at 11 Nov 2019 16:03:46
Packages
+ libjpeg-turbo
Issues
+ CVE-2019-2201
Status
+ Fixed
Severity
+ Unknown
Affected
+ 2.0.2-1
Fixed
+ 2.0.3-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2019-2201 created at 11 Nov 2019 16:03:46
AVG-1064 edited at 11 Nov 2019 08:44:57
Status
- Testing
+ Fixed
AVG-1065 edited at 11 Nov 2019 08:44:57
Status
- Testing
+ Fixed
AVG-1066 edited at 11 Nov 2019 08:44:57
Status
- Testing
+ Fixed
ASA-201911-9 edited at 07 Nov 2019 17:56:12
ASA-201911-8 edited at 07 Nov 2019 11:39:31
Workaround
- CVE-2019-12526
Deny urn: protocol URI being proxied to all clients:
acl URN proto URN
http_access deny URN
- CVE-2019-18678
There are no workarounds for this vulnerability.
- CVE-2019-18679
- Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+ Digest authentication can be disabled by removing all 'auth_param
+ digest ...' configuration settings from squid.conf.