CVE-2018-1152 - libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero w

CVE-2018-1152

Summary

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

References

Vulnerable Configurations

cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	104543
confirm	https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
misc	https://www.tenable.com/security/research/tra-2018-17
mlist	[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update [debian-lts-announce] 20200731 [SECURITY] [DLA 2302-1] libjpeg-turbo security update
suse	openSUSE-SU-2019:1118 openSUSE-SU-2019:1343
ubuntu	USN-3706-1 USN-3706-2

Last major update

31-07-2020 - 21:15

Published

18-06-2018 - 14:29

Last modified

31-07-2020 - 21:15