Your submission was sent successfully! Close

CVE-2018-11212

Published: 16 May 2018

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
libjpeg-turbo
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.5.2-0ubuntu5)
bionic Not vulnerable
(1.5.2-0ubuntu5)
cosmic Not vulnerable
(1.5.2-0ubuntu5)
disco Not vulnerable
(1.5.2-0ubuntu5)
eoan Not vulnerable
(1.5.2-0ubuntu5)
focal Not vulnerable
(1.5.2-0ubuntu5)
groovy Not vulnerable
(1.5.2-0ubuntu5)
hirsute Not vulnerable
(1.5.2-0ubuntu5)
impish Not vulnerable
(1.5.2-0ubuntu5)
jammy Not vulnerable
(1.5.2-0ubuntu5)
precise
Released (1.1.90+svn733-0ubuntu4.5)
trusty
Released (1.3.0-0ubuntu2.1)
upstream Needs triage

xenial Not vulnerable
(1.4.2-0ubuntu3)
Patches:
upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0
libjpeg6b
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needed

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needed

jammy Needed

precise Does not exist

trusty
Released (6b1-4ubuntu1+esm1)
upstream Needs triage

xenial Ignored
(end of standard support, was needed)
libjpeg9
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needed

cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(1:9c-2)
eoan Not vulnerable
(1:9c-2)
focal Not vulnerable
(1:9c-2)
groovy Not vulnerable
(1:9c-2)
hirsute Not vulnerable
(1:9c-2)
impish Not vulnerable
(1:9c-2)
jammy Not vulnerable
(1:9c-2)
precise Does not exist

trusty Does not exist

upstream
Released (9d)
xenial Ignored
(end of standard support, was needed)