CVE-2018-11214

Published: 16/05/2018 | Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote malicious users to cause a denial of service (Segmentation fault) via a crafted file.

Vulnerable Product

ijg libjpeg 9a

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

Vendor Advisories

Synopsis: Moderate: libjpeg-turbo security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ba ...
Debian Bug report logs - #904719 libjpeg9: CVE-2018-11813. Package: src:libjpeg9; Maintainer for src:libjpeg9 is Bill Allombert <ballombe@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 23 Jun 2018 07:15:02 UTC; Severity: normal; Tags: security; Found in version libjpeg9/1:9b-2 Reply or sub ...
Debian Bug report logs - #902176 libjpeg9: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214. Package: src:libjpeg9; Maintainer for src:libjpeg9 is Bill Allombert <ballombe@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 23 Jun 2018 07:15:02 UTC; Severity: normal; Tags: security; Found in version lib ...
libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file ...
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file (CVE-2016-3616). libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813). An out-of-bounds read vulnerability has been discovered in libjpeg ...
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file (CVE-2016-3616). A divide by zero vulnerability has been discovered in libjpeg-turbo in the alloc_sarray function of the jmemmgr.c file. An attacker could use this vulnerability to ca ...
An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service ...