diff options
| -rw-r--r-- | README.md | 14 | ||||
| -rw-r--r-- | bugs/cve-2017-15232/1.jpg | bin | 0 -> 5766 bytes | |||
| -rw-r--r-- | bugs/cve-2017-15232/2.jpg | bin | 0 -> 5520 bytes | |||
| -rw-r--r-- | loftix/bugs.scm | 15 |
4 files changed, 28 insertions, 1 deletions
diff --git a/README.md b/README.md index b8f9e4c..07f23e6 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,17 @@ Then run `guix pull`. guix shell jasper@1.900.19 -- imginfo -f bugs/cve-2016-9557/reproducer +#### CVE-2017-15232 + +[NULL pointer dereference in quantize_ord_dither function][mozjpeg-268] + + guix shell libjpeg-turbo@1.5.2 --\ + djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\ + -targa -grayscale -outfile o bugs/cve-2017-15232/1.jpg + guix shell libjpeg-turbo@1.5.2 --\ + djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\ + -targa -grayscale -outfile o bugs/cve-2017-15232/2.jpg + #### CVE-2017-14745 [Integer overflow in elf64-x86-64.c, binutils 2.29.1][sourceware-22148] @@ -61,6 +72,7 @@ Then run `guix pull`. [afl-dyninst]: https://trong.loang.net/~cnx/afl-dyninst/about [e9patch]: https://github.com/GJDuck/e9patch [python-pacfix]: https://github.com/hsh814/pacfix-python +[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c +[mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268 [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186 -[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c diff --git a/bugs/cve-2017-15232/1.jpg b/bugs/cve-2017-15232/1.jpg new file mode 100644 index 0000000..b04eae5 --- /dev/null +++ b/bugs/cve-2017-15232/1.jpg Binary files differdiff --git a/bugs/cve-2017-15232/2.jpg b/bugs/cve-2017-15232/2.jpg new file mode 100644 index 0000000..8ec86d7 --- /dev/null +++ b/bugs/cve-2017-15232/2.jpg Binary files differdiff --git a/loftix/bugs.scm b/loftix/bugs.scm index e4dcf7b..e02ac1e 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -49,3 +49,18 @@ "0dm3k0wdny3s37zxm9s9riv46p69c14bnn532fv6cv5b6l1b0pwb")))) (build-system gnu-build-system) (inputs '(ijg-libjpeg)))) + +(define-public libjpeg-turbo-1.5.2 + (package + (inherit libjpeg-turbo) + (name "libjpeg-turbo") + (version "1.5.2") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/" name "/" version "/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "0a5m0psfp5952y5vrcs0nbdz1y9wqzg2ms0xwrx752034wxr964h")))) + (build-system gnu-build-system) + (arguments '(#:test-target "test")))) |
