CVE-2018-11212: Divide By Zero in Libjpeg

CWE-369: Divide By Zero | 19 documents | 9 sources

Severity: 6.5 MEDIUM (NVD); 8.8 (OSV)
EPSS: 1.9% (top 16.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 16; latest update Jun 30

Description

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (10 packages)

Debian: libjpeg-turbo/libjpeg-turbo < 1:1.4.2-1+3
NVD: ijg/libjpeg 9a
NVD: oracle/jdk 1.7.0, 1.8.0, 11.0.1+2
NVD: oracle/jre 8.0
NVD: opensuse/leap 15.0

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

🔴 Vulnerability Details (6)

OSV: libjpeg6b vulnerabilities (2022-06-30)
OSV: libjpeg6b vulnerabilities (2022-06-30)
GHSA: GHSA-m7r9-q69w-q556: An issue was discovered in libjpeg 9a and 9d (2022-05-13)
OSV: libjpeg9 vulnerabilities (2022-03-23)
OSV: CVE-2018-11212: An issue was discovered in libjpeg 9a and 9d (2018-05-16)

📋 Vendor Advisories (8)

Ubuntu: Libjpeg6b vulnerabilities (2022-06-30)
Ubuntu: Libjpeg6b vulnerabilities (2022-06-30)
Oracle: Oracle Fusion Middleware Risk Matrix: Oracle Directory Services Manager (libjpeg) — CVE-2018-11212 (2022-04-15)
Ubuntu: libjpeg9 vulnerabilities (2022-03-23)
Ubuntu: libjpeg-turbo vulnerabilities (2018-07-10)

💬 Community (4)

Bugzilla: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 mingw-libjpeg-turbo: various flaws [epel-7] (2018-05-18)
Bugzilla: CVE-2018-11212 libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (2018-05-18)
Bugzilla: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 libjpeg-turbo: various flaws [fedora-all] (2018-05-18)
Bugzilla: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 mingw-libjpeg-turbo: various flaws [fedora-all] (2018-05-18)