CVE Vulnerability

CVE-2018-11212

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a Exploit Third Party Advisory
https://usn.ubuntu.com/3706-1/ Third Party Advisory
https://usn.ubuntu.com/3706-2/ Third Party Advisory
http://www.securityfocus.com/bid/106583 Third Party Advisory VDB Entry
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20190118-0001/ Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0469 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0474 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0473 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0472 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0640 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1238
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
https://access.redhat.com/errata/RHSA-2019:2052
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us
http://www.ijg.org/
https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git
https://www.oracle.com/security-alerts/cpuapr2022.html
Configurations

Configuration 1

cpe:2.3:a:ijg:libjpeg:9a:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*
cpe:2.3:a:oracle:jdk:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:8.0:update_191:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update192:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Information

Published : 2018-05-16 05:29

Updated : 2022-04-20 12:15

NVD link : CVE-2018-11212

Mitre link : CVE-2018-11212

Products Affected
No products.
CWE
CWE-369

Divide By Zero