Gentoo Linux JPEG media-libs/jpeg denial of service
| jpeg-medialibs-dos (31451) |  Low Risk |
Description:
The JPEG library on Gentoo Linux is vulnerable to a denial of service, caused by a vulnerability in media-libs/jpeg which allows the compilation of the library while the enable-maxmem feature is disabled. By persuading a victim into opening a specially-crafted JPEG image file, a remote attacker could consume large amounts of memory resources, resulting in a denial of service..
Platforms Affected:
- Gentoo, Linux
Remedy:
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 200606-11 for patch, upgrade, or suggested workaround information. See References.
Consequences:
Denial of Service
References:
- CVE-2006-3005: The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.
- GLSA-200606-11: JPEG library: Denial of Service
- OSVDB ID: 26317: Gentoo Linux jpeg Library -maxmem DoS
Reported:
Jun 11, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net