CVE-2018-11813

Published: 6 June 2018

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
libjpeg-turbo Launchpad, Ubuntu, Debian	bionic	Released (1.5.2-0ubuntu5.18.04.6)
	eoan	Not vulnerable (2.0.1-0ubuntu2)
	focal	Not vulnerable (2.0.3-0ubuntu1)
	groovy	Not vulnerable (2.0.3-0ubuntu1)
	hirsute	Not vulnerable (2.0.3-0ubuntu2)
	impish	Not vulnerable (2.0.6-0ubuntu2)
	jammy	Not vulnerable (2.1.2-0ubuntu1)
	kinetic	Not vulnerable (2.1.2-0ubuntu1)
	precise	Ignored (end of ESM support, was needed)
	trusty	Released (1.3.0-0ubuntu2.1+esm2)
	upstream	Released (2.0.0, 1:2.0.5-1)
	xenial	Released (1.4.2-0ubuntu3.4+esm1)
	Patches: upstream: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499
libjpeg6b Launchpad, Ubuntu, Debian	bionic	Needed
	eoan	Ignored (reached end-of-life)
	focal	Needed
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needed
	kinetic	Needed
	precise	Does not exist
	trusty	Released (6b1-4ubuntu1+esm1)
	upstream	Needed
	xenial	Ignored (end of standard support, was needed)
libjpeg9 Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needed
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable (1:9d-1)
	groovy	Not vulnerable (1:9d-1)
	hirsute	Not vulnerable (1:9d-1)
	impish	Not vulnerable (1:9d-1)
	jammy	Not vulnerable (1:9d-1)
	kinetic	Not vulnerable (1:9d-1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (9d)
	xenial	Ignored (end of standard support, was needed)