usn-5497-1
Vulnerability from osv_ubuntu
Published
2022-06-30 12:54
Modified
2026-06-29 10:52
Summary
libjpeg6b vulnerabilities
Details

It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11212)

Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service. (CVE-2018-11813)

Sheng Shu and Dongdong She discovered that Libjpeg6b was not properly limiting the amount of memory being used when it was performing decompression or multi-pass compression operations. An attacker could possibly use this issue to force excessive memory consumption and cause a denial of service. (CVE-2020-14152)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2018-11212",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-11213",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-11214",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-11813",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-14152",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "libjpeg62",
            "binary_version": "6b1-4ubuntu1+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:14.04:LTS",
        "name": "libjpeg6b",
        "purl": "pkg:deb/ubuntu/libjpeg6b@6b1-4ubuntu1+esm1?arch=source\u0026distro=trusty/esm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6b1-4ubuntu1+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "6b1-3ubuntu1",
        "6b1-4ubuntu1"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that Libjpeg6b was not properly performing bounds\nchecks when compressing PPM and Targa image files. An attacker could\npossibly use this issue to cause a denial of service.\n(CVE-2018-11212)\n\nChijin Zhou discovered that Libjpeg6b was incorrectly handling the\nEOF character in input data when generating JPEG files. An attacker\ncould possibly use this issue to force the execution of a large loop,\nforce excessive memory consumption, and cause a denial of service.\n(CVE-2018-11813)\n\nSheng Shu and Dongdong She discovered that Libjpeg6b was not properly\nlimiting the amount of memory being used when it was performing\ndecompression or multi-pass compression operations. An attacker could\npossibly use this issue to force excessive memory consumption and\ncause a denial of service. (CVE-2020-14152)\n",
  "id": "USN-5497-1",
  "modified": "2026-06-29T10:52:56Z",
  "published": "2022-06-30T12:54:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-5497-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-11212"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-11213"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-11214"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-11813"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-14152"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "libjpeg6b vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2018-11212",
    "UBUNTU-CVE-2018-11213",
    "UBUNTU-CVE-2018-11214",
    "UBUNTU-CVE-2018-11813",
    "UBUNTU-CVE-2020-14152"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…