Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2019-1350

Related Vulnerabilities: CVE-2016-3616   CVE-2018-11212   CVE-2018-11213   CVE-2018-11214   CVE-2018-11813   CVE-2018-14498  

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.CVE-2018-11212) An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213) An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214) libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498)

Source

ALAS2-2019-1350

Amazon Linux 2 Security Advisory: ALAS-2019-1350
Advisory Release Date: 2019-11-04 22:23 Pacific
Advisory Updated Date: 2019-11-07 00:30 Pacific
Severity: Medium
Issue Overview:

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616)

A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.
CVE-2018-11212)

An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213)

An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214)

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813)

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498)


Affected Packages:

libjpeg-turbo


Issue Correction:
Run yum update libjpeg-turbo to update your system.

New Packages:
aarch64:
    libjpeg-turbo-1.2.90-6.amzn2.0.3.aarch64
    libjpeg-turbo-devel-1.2.90-6.amzn2.0.3.aarch64
    libjpeg-turbo-utils-1.2.90-6.amzn2.0.3.aarch64
    libjpeg-turbo-static-1.2.90-6.amzn2.0.3.aarch64
    turbojpeg-1.2.90-6.amzn2.0.3.aarch64
    turbojpeg-devel-1.2.90-6.amzn2.0.3.aarch64
    libjpeg-turbo-debuginfo-1.2.90-6.amzn2.0.3.aarch64

i686:
    libjpeg-turbo-1.2.90-6.amzn2.0.3.i686
    libjpeg-turbo-devel-1.2.90-6.amzn2.0.3.i686
    libjpeg-turbo-utils-1.2.90-6.amzn2.0.3.i686
    libjpeg-turbo-static-1.2.90-6.amzn2.0.3.i686
    turbojpeg-1.2.90-6.amzn2.0.3.i686
    turbojpeg-devel-1.2.90-6.amzn2.0.3.i686
    libjpeg-turbo-debuginfo-1.2.90-6.amzn2.0.3.i686

src:
    libjpeg-turbo-1.2.90-6.amzn2.0.3.src

x86_64:
    libjpeg-turbo-1.2.90-6.amzn2.0.3.x86_64
    libjpeg-turbo-devel-1.2.90-6.amzn2.0.3.x86_64
    libjpeg-turbo-utils-1.2.90-6.amzn2.0.3.x86_64
    libjpeg-turbo-static-1.2.90-6.amzn2.0.3.x86_64
    turbojpeg-1.2.90-6.amzn2.0.3.x86_64
    turbojpeg-devel-1.2.90-6.amzn2.0.3.x86_64
    libjpeg-turbo-debuginfo-1.2.90-6.amzn2.0.3.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started