Source: libjpeg-turbo Version: 1:1.5.2-2 Severity: important Tags: security upstream Forwarded: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
Hi, the following vulnerability was published for libjpeg-turbo. CVE-2017-15232[0]: | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and | jquant1.c via a crafted JPEG file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15232 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232 [1] https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182 [2] https://github.com/mozilla/mozjpeg/issues/268 Regards, Salvatore

