CVE-2018-11212

Description

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

Related CPE's

aijglibjpeg9a*******

odebiandebian_linux8.0*******

ocanonicalubuntu_linux16.04***lts***

ocanonicalubuntu_linux14.04***lts***

ocanonicalubuntu_linux12.04***esm***

ocanonicalubuntu_linux18.04***lts***

anetapponcommand_unified_manager********

anetapponcommand_unified_manager*****windows**

anetapponcommand_workflow_automation********

anetapponcommand_unified_manager*****vmware_vsphere**

References

https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a

ExploitThird Party Advisory

USN-3706-1

Third Party Advisory

USN-3706-2

Third Party Advisory

106583

Third Party AdvisoryVDB Entry

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20190118-0001/

PatchThird Party Advisory

[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update

Third Party Advisory

RHSA-2019:0469

Third Party Advisory

RHSA-2019:0474

Third Party Advisory

RHSA-2019:0473

Third Party Advisory

RHSA-2019:0472

Third Party Advisory

openSUSE-SU-2019:0346

Mailing ListThird Party Advisory

RHSA-2019:0640

Third Party Advisory

RHSA-2019:1238

openSUSE-SU-2019:1439

openSUSE-SU-2019:1500

RHSA-2019:2052

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us

http://www.ijg.org/

https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git

https://www.oracle.com/security-alerts/cpuapr2022.html

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

6.5

VectorString

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Version

3.0

UserInteraction

REQUIRED

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

4.3

Created by Yello
About Severity.io