CVE-2018-11212
Description
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
Related CPE's
References
ExploitThird Party Advisory
Third Party Advisory
Third Party Advisory
Third Party AdvisoryVDB Entry
PatchThird Party Advisory
PatchThird Party Advisory
Third Party Advisory
Third Party Advisory
Third Party Advisory
Third Party Advisory
Third Party Advisory
Mailing ListThird Party Advisory
Third Party Advisory
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | NONE |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | HIGH |
IntegrityImpact | NONE |
PrivilegesRequired | NONE |
BaseScore | 6.5 |
VectorString | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Version | 3.0 |
UserInteraction | REQUIRED |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:N/C:N/I:N/A:P |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | NONE |
ConfidentialityImpact | NONE |
IntegrityImpact | NONE |
AvailabilityImpact | PARTIAL |
BaseScore | 4.3 |