Mandriva Linux Security Advisory : libjpeg-turbo (MDVSA-2012:121)
Medium Nessus Plugin ID 61971
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in libjpeg-turbo :
A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-2806).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.