CVE-2018-11813

HIGH

Description

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html

http://www.ijg.org/files/jpegsrc.v9d.tar.gz

https://access.redhat.com/errata/RHSA-2019:2052

https://bugs.gentoo.org/727908

https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf

https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c

Details

Source: MITRE

Published: 2018-06-06

Updated: 2020-06-25

Type: CWE-834

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ijg:libjpeg:9c:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 132505 | NewStart CGSL CORE 5.05 / MAIN 5.05 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0227) | Nessus | NewStart CGSL Local Security Checks | high |
| 130602 | Amazon Linux 2 : libjpeg-turbo (ALAS-2019-1350) | Nessus | Amazon Linux Local Security Checks | high |
| 129912 | NewStart CGSL CORE 5.04 / MAIN 5.04 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0185) | Nessus | NewStart CGSL Local Security Checks | high |
| 129013 | Amazon Linux AMI : libjpeg-turbo (ALAS-2019-1286) | Nessus | Amazon Linux Local Security Checks | high |
| 128342 | CentOS 7 : libjpeg-turbo (CESA-2019:2052) | Nessus | CentOS Local Security Checks | high |
| 128231 | Scientific Linux Security Update : libjpeg-turbo on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | high |
| 127661 | RHEL 7 : libjpeg-turbo (RHSA-2019:2052) | Nessus | Red Hat Local Security Checks | high |
| 124708 | openSUSE Security Update : libjpeg-turbo (openSUSE-2019-1343) | Nessus | SuSE Local Security Checks | high |
| 124453 | SUSE SLED12 / SLES12 Security Update : libjpeg-turbo (SUSE-SU-2019:1111-1) | Nessus | SuSE Local Security Checks | high |
| 123845 | EulerOS Virtualization 2.5.3 : libjpeg-turbo (EulerOS-SA-2019-1159) | Nessus | Huawei Local Security Checks | high |
| 123665 | openSUSE Security Update : libjpeg-turbo (openSUSE-2019-1118) | Nessus | SuSE Local Security Checks | high |
| 123067 | SUSE SLED15 / SLES15 Security Update : libjpeg-turbo (SUSE-SU-2019:0711-1) | Nessus | SuSE Local Security Checks | high |
| 122701 | EulerOS Virtualization 2.5.2 : libjpeg-turbo (EulerOS-SA-2019-1079) | Nessus | Huawei Local Security Checks | high |
| 120234 | Fedora 28 : libjpeg-turbo (2018-0e72ef852a) | Nessus | Fedora Local Security Checks | high |
| 118049 | EulerOS 2.0 SP3 : libjpeg-turbo (EulerOS-SA-2018-1299) | Nessus | Huawei Local Security Checks | high |
| 117742 | EulerOS 2.0 SP2 : libjpeg-turbo (EulerOS-SA-2018-1298) | Nessus | Huawei Local Security Checks | high |
| 110762 | SUSE SLES11 Security Update : jpeg (SUSE-SU-2018:1825-1) | Nessus | SuSE Local Security Checks | high |