MidnightBSD

Advisories for ijg

CVE-2018-11212 MEDIUM

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
netapp oncommand_unified_manager *
oracle jdk 11.0.1
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
netapp oncommand_workflow_automation *
opensuse leap 15.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
oracle jdk 1.8.0
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
oracle jdk 1.7.0
canonical ubuntu_linux 18.04
netapp snapmanager *
redhat satellite 5.8
ijg libjpeg 9a
redhat enterprise_linux_desktop 7.0
oracle jre 8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 6.0
CVE-2018-11213 MEDIUM

An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 12.04
ijg libjpeg 9a
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2018-11214 MEDIUM

An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 12.04
ijg libjpeg 9a
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
CVE-2018-11813 MEDIUM

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-834,

Products Affected

Vendor Product Version
ijg libjpeg 9c
CVE-2020-14152 MEDIUM

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
ijg libjpeg *
debian debian_linux 9.0
CVE-2020-14153 MEDIUM

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
ijg libjpeg *