authorNguyễn Gia Phong <cnx@loang.net>2025-01-29 08:52:40 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-01-29 08:54:46 +0900
commitd5c5949eee317ee57bf9c9c8748d32f2d08f43bc (patch)
tree2246681eab350f92189bc9d244791429fb419e7d
parent2ad56faafc85ec99c0a0fbbed21a47f178de7fb5 (diff)
downloadloftix-d5c5949eee317ee57bf9c9c8748d32f2d08f43bc.tar.gz
Add libjpeg-turbo 1.5.2 for CVE-2017-15232
-rw-r--r--README.md14
-rw-r--r--bugs/cve-2017-15232/1.jpgbin0 -> 5766 bytes
-rw-r--r--bugs/cve-2017-15232/2.jpgbin0 -> 5520 bytes
-rw-r--r--loftix/bugs.scm15
4 files changed, 28 insertions, 1 deletions
diff --git a/README.md b/README.md
index b8f9e4c..07f23e6 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,17 @@ Then run `guix pull`.
guix shell jasper@1.900.19 -- imginfo -f bugs/cve-2016-9557/reproducer
+#### CVE-2017-15232
+
+[NULL pointer dereference in quantize_ord_dither function][mozjpeg-268]
+
+ guix shell libjpeg-turbo@1.5.2 --\
+ djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
+ -targa -grayscale -outfile o bugs/cve-2017-15232/1.jpg
+ guix shell libjpeg-turbo@1.5.2 --\
+ djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
+ -targa -grayscale -outfile o bugs/cve-2017-15232/2.jpg
+
#### CVE-2017-14745
[Integer overflow in elf64-x86-64.c, binutils 2.29.1][sourceware-22148]
@@ -61,6 +72,7 @@ Then run `guix pull`.
[afl-dyninst]: https://trong.loang.net/~cnx/afl-dyninst/about
[e9patch]: https://github.com/GJDuck/e9patch
[python-pacfix]: https://github.com/hsh814/pacfix-python
+[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
+[mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
[sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
[sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
-[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
diff --git a/bugs/cve-2017-15232/1.jpg b/bugs/cve-2017-15232/1.jpg
new file mode 100644
index 0000000..b04eae5
--- /dev/null
+++ b/bugs/cve-2017-15232/1.jpg
Binary files differ
diff --git a/bugs/cve-2017-15232/2.jpg b/bugs/cve-2017-15232/2.jpg
new file mode 100644
index 0000000..8ec86d7
--- /dev/null
+++ b/bugs/cve-2017-15232/2.jpg
Binary files differ
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index e4dcf7b..e02ac1e 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -49,3 +49,18 @@
"0dm3k0wdny3s37zxm9s9riv46p69c14bnn532fv6cv5b6l1b0pwb"))))
(build-system gnu-build-system)
(inputs '(ijg-libjpeg))))
+
+(define-public libjpeg-turbo-1.5.2
+ (package
+ (inherit libjpeg-turbo)
+ (name "libjpeg-turbo")
+ (version "1.5.2")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/" name "/" version "/"
+ name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0a5m0psfp5952y5vrcs0nbdz1y9wqzg2ms0xwrx752034wxr964h"))))
+ (build-system gnu-build-system)
+ (arguments '(#:test-target "test"))))
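Review bot: Nothing in the `libjpeg-turbo-1.5.2` definition records that 1.5.2 is pinned on purpose as the version affected by CVE-2017-15232, so a later maintainer could bump or drop it. A comment above `define-public` would fix that, for example `;; Deliberately vulnerable: kept at 1.5.2 to reproduce CVE-2017-15232; do not upgrade.` Because the package uses `(inherit libjpeg-turbo)`, every field not overridden here comes from whatever the channel's upstream definition holds at pull time. If that ever includes a `replacement` (a security graft), the reproducer may run against a patched build, so consider adding `(replacement #f)` next to `(version "1.5.2")`; whether `guix shell` substitutes it for a top-level package should be confirmed.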