Hi Bill What I did was to check that the vulnerable code was there (patch looks like it can apply). I did not look into whether the code could actually be triggered.
Best regards // Ola On 16 October 2017 at 13:54, Bill Allombert <[email protected]> wrote: > On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote: >> Hi >> >> Sorry. Wrong year in the CVE. >> >> The correct CVE is CVE-2017-15232. > > Yes, I finally found it. Any evidence it affects libjpeg ? For all I > see it relies on code added to libjpeg-turbo. > To start with, djpeg in wheezy lacks the -crop option. > > Cheers, > -- > Bill. <[email protected]> > > Imagine a large red swirl here. -- --- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Folkebogatan 26 \ | [email protected] 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
