FPII-2461 : Remote code execution vulnerability in libjpeg CVE-2016-6702 A-30259087
High
A remote code execution vulnerability in libjpeg could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg.
Additional technical details:
A-30259087
A specially crafted JPEG file can be used to call jpeg_open_backing_store with a size larger than 2^32 leading to an integer overflow in ashmem, which could lead to the possibility of remote code execution.
The fix is designed to stop using ashmem to back up data arrays when the maximum memory usage value is reached.
Change-Id: Ia0782aca9fdfd178521f59bc3f1de6f649283ae4
3 files changed
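
The size narrowing described in the commit message, shown as an added C example that is not part of this commit or of libjpeg. `region_create`, `open_store_unchecked`, `open_store_checked` and the 32-bit length parameter are hypothetical stand-ins, and the checked variant only illustrates refusing an oversized backing-store request, not the actual patch.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a shared-memory allocator whose length
 * argument is only 32 bits wide (an assumption for illustration, not
 * the real ashmem interface). Returns the number of bytes mapped. */
static uint32_t region_create(uint32_t len)
{
    return len;
}

/* Unchecked path: a 64-bit byte count is silently narrowed to 32 bits,
 * so a request just above 2^32 maps only a tiny region while the caller
 * still believes it owns the full size. */
uint32_t open_store_unchecked(int64_t total_bytes_needed)
{
    return region_create((uint32_t)total_bytes_needed);
}

/* Checked path: refuse requests that are non-positive, above the
 * configured memory cap, or not representable in the allocator's
 * length type. Returns 0 on success and -1 on refusal. */
int open_store_checked(int64_t total_bytes_needed, int64_t max_bytes,
                       uint32_t *mapped)
{
    if (total_bytes_needed <= 0)
        return -1;
    if (total_bytes_needed > max_bytes)
        return -1;
    if ((uint64_t)total_bytes_needed > UINT32_MAX)
        return -1;
    *mapped = region_create((uint32_t)total_bytes_needed);
    return 0;
}

int main(void)
{
    /* Constructed sample value: 2^32 + 4096 bytes requested. */
    int64_t want = ((int64_t)1 << 32) + 4096;
    uint32_t mapped = 0;

    printf("unchecked maps %u bytes for a %lld byte request\n",
           (unsigned)open_store_unchecked(want), (long long)want);
    printf("checked returns %d\n",
           open_store_checked(want, 64LL * 1024 * 1024, &mapped));
    return 0;
}
```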