ID CVE-2018-11213
Summary An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
References
Vulnerable Configurations
  • cpe:2.3:a:ijg:libjpeg:9a
    cpe:2.3:a:ijg:libjpeg:9a
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-399
CAPEC
nessus via4
NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-3706-1.NASL
description It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2018-09-01
modified 2018-08-31
plugin id 110973
published 2018-07-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=110973
title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libjpeg-turbo vulnerabilities (USN-3706-1)
refmap via4
misc https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a
ubuntu
  • USN-3706-1
  • USN-3706-2
Last major update 16-05-2018 - 13:29
Published 16-05-2018 - 13:29
Last modified 11-07-2018 - 21:29
Back to Top