ID CVE-2018-11212
Summary An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
References
Vulnerable Configurations
  • cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*
  • cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update_201:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update_192:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-06-2019 - 15:29)
Impact:
Exploitability:
CWE CWE-369
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2019:0469
  • rhsa
    id RHSA-2019:0472
  • rhsa
    id RHSA-2019:0473
  • rhsa
    id RHSA-2019:0474
  • rhsa
    id RHSA-2019:0640
  • rhsa
    id RHSA-2019:1238
refmap via4
bid 106583
confirm
misc https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a
mlist [debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update
suse
  • openSUSE-SU-2019:0346
  • openSUSE-SU-2019:1439
  • openSUSE-SU-2019:1500
ubuntu
  • USN-3706-1
  • USN-3706-2
Last major update 03-06-2019 - 15:29
Published 16-05-2018 - 17:29