Vulnerability Details CVE-2018-11212
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
- http://www.ijg.org/
- http://www.securityfocus.com/bid/106583
- https://access.redhat.com/errata/RHSA-2019:0469
- https://access.redhat.com/errata/RHSA-2019:0472
- https://access.redhat.com/errata/RHSA-2019:0473
- https://access.redhat.com/errata/RHSA-2019:0474
- https://access.redhat.com/errata/RHSA-2019:0640
- https://access.redhat.com/errata/RHSA-2019:1238
- https://access.redhat.com/errata/RHSA-2019:2052
- https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a
- https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git
- https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
- https://security.netapp.com/advisory/ntap-20190118-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us
- https://usn.ubuntu.com/3706-1/
- https://usn.ubuntu.com/3706-2/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
- http://www.ijg.org/
- http://www.securityfocus.com/bid/106583
- https://access.redhat.com/errata/RHSA-2019:0469
- https://access.redhat.com/errata/RHSA-2019:0472
- https://access.redhat.com/errata/RHSA-2019:0473
- https://access.redhat.com/errata/RHSA-2019:0474
- https://access.redhat.com/errata/RHSA-2019:0640
- https://access.redhat.com/errata/RHSA-2019:1238
- https://access.redhat.com/errata/RHSA-2019:2052
- https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a
- https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git
- https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
- https://security.netapp.com/advisory/ntap-20190118-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us
- https://usn.ubuntu.com/3706-1/
- https://usn.ubuntu.com/3706-2/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Products affected by CVE-2018-11212
-
cpe:2.3:a:ijg:libjpeg:9a
-
cpe:2.3:a:netapp:oncommand_unified_manager:-
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.1
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.1
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.2
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.3
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.4
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.5
-
cpe:2.3:a:netapp:oncommand_unified_manager:6.3
-
cpe:2.3:a:netapp:oncommand_unified_manager:6.4
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.0
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.1
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.2
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.3
-
cpe:2.3:a:netapp:oncommand_unified_manager:9.4
-
cpe:2.3:a:netapp:oncommand_unified_manager:9.5
-
cpe:2.3:a:netapp:oncommand_workflow_automation:-
-
cpe:2.3:a:netapp:oncommand_workflow_automation:2.2.1
-
cpe:2.3:a:netapp:oncommand_workflow_automation:3.0
-
cpe:2.3:a:netapp:oncommand_workflow_automation:3.1
-
cpe:2.3:a:netapp:oncommand_workflow_automation:4.0
-
cpe:2.3:a:netapp:oncommand_workflow_automation:4.1
-
cpe:2.3:a:netapp:oncommand_workflow_automation:4.2
-
cpe:2.3:a:netapp:oncommand_workflow_automation:5.0
-
cpe:2.3:a:netapp:oncommand_workflow_automation:5.0.1
-
cpe:2.3:a:netapp:oncommand_workflow_automation:5.1
-
cpe:2.3:a:netapp:oncommand_workflow_automation:5.1.1
-
cpe:2.3:a:netapp:snapmanager:-
-
cpe:2.3:a:netapp:snapmanager:1.1.1
-
cpe:2.3:a:netapp:snapmanager:2.0
-
cpe:2.3:a:netapp:snapmanager:2.1
-
cpe:2.3:a:netapp:snapmanager:2.2
-
cpe:2.3:a:netapp:snapmanager:3.0
-
cpe:2.3:a:netapp:snapmanager:3.1
-
cpe:2.3:a:netapp:snapmanager:3.2
-
cpe:2.3:a:netapp:snapmanager:3.3
-
cpe:2.3:a:netapp:snapmanager:3.3.1
-
cpe:2.3:a:netapp:snapmanager:3.4
-
cpe:2.3:a:netapp:snapmanager:3.4.2
-
cpe:2.3:a:oracle:jdk:1.7.0
-
cpe:2.3:a:oracle:jdk:1.8.0
-
cpe:2.3:a:oracle:jdk:11.0.1
-
cpe:2.3:a:oracle:jre:8.0
-
cpe:2.3:a:redhat:satellite:5.8
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0