ID CVE-2018-11212
Summary An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
References
Vulnerable Configurations
  • cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-04-2022 - 00:15)
Impact:
Exploitability:
CWE CWE-369
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2019:0469
  • rhsa
    id RHSA-2019:0472
  • rhsa
    id RHSA-2019:0473
  • rhsa
    id RHSA-2019:0474
  • rhsa
    id RHSA-2019:0640
  • rhsa
    id RHSA-2019:1238
  • rhsa
    id RHSA-2019:2052
rpms
  • java-1.8.0-ibm-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-demo-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-devel-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-plugin-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-src-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-1:1.8.0.5.30-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.5.30-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.5.30-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.30-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.5.30-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.5.30-1jpp.1.el7
  • java-1.7.1-ibm-1:1.7.1.4.40-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.40-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.40-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.40-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.40-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.40-1jpp.1.el7
  • java-1.7.1-ibm-1:1.7.1.4.40-1jpp.1.el6_10
  • java-1.7.1-ibm-demo-1:1.7.1.4.40-1jpp.1.el6_10
  • java-1.7.1-ibm-devel-1:1.7.1.4.40-1jpp.1.el6_10
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.40-1jpp.1.el6_10
  • java-1.7.1-ibm-plugin-1:1.7.1.4.40-1jpp.1.el6_10
  • java-1.7.1-ibm-src-1:1.7.1.4.40-1jpp.1.el6_10
  • java-1.8.0-ibm-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-devel-1:1.8.0.5.30-1jpp.1.el6_10
  • java-1.8.0-ibm-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-demo-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-devel-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-headless-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-plugin-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-src-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-webstart-1:1.8.0.5.35-3.el8_0
  • libjpeg-turbo-0:1.2.90-8.el7
  • libjpeg-turbo-debuginfo-0:1.2.90-8.el7
  • libjpeg-turbo-devel-0:1.2.90-8.el7
  • libjpeg-turbo-static-0:1.2.90-8.el7
  • libjpeg-turbo-utils-0:1.2.90-8.el7
  • turbojpeg-0:1.2.90-8.el7
  • turbojpeg-devel-0:1.2.90-8.el7
refmap via4
bid 106583
confirm
misc
mlist [debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update
suse
  • openSUSE-SU-2019:0346
  • openSUSE-SU-2019:1439
  • openSUSE-SU-2019:1500
ubuntu
  • USN-3706-1
  • USN-3706-2
Last major update 20-04-2022 - 00:15
Published 16-05-2018 - 17:29
Last modified 20-04-2022 - 00:15