)]}'
{
  "commit": "0463f7c9aad060fcd56e98d025ce16185279e2bc",
  "tree": "9604d7952ebfff8a75117a97dc4a9a3c4543ab6b",
  "parents": [
    "939e46608242cbb7050431ed102d9e74bf8c4db0"
  ],
  "author": {
    "name": "DRC",
    "email": "information@libjpeg-turbo.org",
    "time": "Thu Feb 04 18:34:38 2016 -0600"
  },
  "committer": {
    "name": "DRC",
    "email": "information@libjpeg-turbo.org",
    "time": "Thu Feb 04 18:43:48 2016 -0600"
  },
  "message": "Prevent overread when decoding malformed JPEG\n\nThe accelerated Huffman decoder was previously invoked if there were\n\u003e 128 bytes in the input buffer.  However, it is possible to construct a\nJPEG image with Huffman blocks \u003e 430 bytes in length\n(http://stackoverflow.com/questions/2734678/jpeg-calculating-max-size).\nWhile such images are pathological and could never be created by a\nJPEG compressor, it is conceivable that an attacker could use such an\nartifially-constructed image to trigger an input buffer overrun in the\nlibjpeg-turbo decompressor and thus gain access to some of the data on\nthe calling program\u0027s heap.\n\nThis patch simply increases the minimum buffer size for the accelerated\nHuffman decoder to 512 bytes, which should (hopefully) accommodate any\npossible input.\n\nThis addresses a major issue (LJT-01-005) identified in a security audit\nby Cure53.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "28aca8ad08bb885bb73772633a9b71ed4865f2dd",
      "old_mode": 33188,
      "old_path": "ChangeLog.txt",
      "new_id": "3b6d05b7c2b761668183160e66e79e35aeaafe89",
      "new_mode": 33188,
      "new_path": "ChangeLog.txt"
    },
    {
      "type": "modify",
      "old_id": "4197cc5ce55ad8ec33f02708b27d9b5967f139e5",
      "old_mode": 33188,
      "old_path": "jdhuff.c",
      "new_id": "59b065a1630a0f5559cb42284e85209cdfbd7aa1",
      "new_mode": 33188,
      "new_path": "jdhuff.c"
    }
  ]
}
