Severity: 7.5 HIGH (NVD), 8.8 (OSV)
EPSS: 0.2% (top 51.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 6
Latest update: Sep 22

Description

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Debian: libjpeg-turbo/libjpeg-turbo < 1:2.0.5-1 +3
Ubuntu: libjpeg-turbo/libjpeg-turbo < 1.5.2-0ubuntu5.18.04.6 +3
NVD: ijg/libjpeg 9c

🔴 Vulnerability Details (8)

OSV: libjpeg-turbo vulnerabilities (2022-09-22)
OSV: libjpeg-turbo vulnerabilities (2022-08-08)
OSV: libjpeg6b vulnerabilities (2022-06-30)
OSV: libjpeg6b vulnerabilities (2022-06-30)
GHSA: GHSA-32p9-664j-q6j6: libjpeg 9c has a large loop because read_pixel in rdtarga (2022-05-13)

📋 Vendor Advisories (8)

Ubuntu: libjpeg-turbo vulnerabilities (2022-09-22)
Ubuntu: libjpeg-turbo vulnerabilities (2022-08-08)
Ubuntu: Libjpeg6b vulnerabilities (2022-06-30)
Ubuntu: Libjpeg6b vulnerabilities (2022-06-30)
Ubuntu: libjpeg9 vulnerabilities (2022-03-23)

💬 Community (9)

Bugzilla: CVE-2018-18625 grafana: XSS vulnerability via a link on the "Dashboard > All Panels > General" screen (2020-06-24)
Bugzilla: CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (2020-06-24)
Bugzilla: CVE-2018-18623 grafana: XSS vulnerability via the "Dashboard > Text Panel" screen (2020-06-24)
Bugzilla: CVE-2020-14151 libjpeg: read_*_pixel functions in rdtarga.c in cjpeg mishandles EOF (2020-06-19)
Bugzilla: CVE-2018-12099 grafana: Cross-site Scripting (XSS) in dashboard links (2018-06-11)
CVE-2018-11813 — Excessive Iteration in IJG Libjpeg | cvebase