ID CVE-2018-1152
Summary libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
References
Vulnerable Configurations
  • cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*
    cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 31-07-2020 - 21:15)
Impact:
Exploitability:
CWE CWE-369
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 104543
confirm https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
misc https://www.tenable.com/security/research/tra-2018-17
mlist
  • [debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update
  • [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
suse
  • openSUSE-SU-2019:1118
  • openSUSE-SU-2019:1343
ubuntu
  • USN-3706-1
  • USN-3706-2
Last major update 31-07-2020 - 21:15
Published 18-06-2018 - 14:29
Last modified 31-07-2020 - 21:15
Back to Top