CVE-2018-11813 - Excessive Iteration vulnerability in IJG Libjpeg 9C

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: network, low complexity, ijg, CWE-834, nessus

Summary

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

Vulnerable Configurations

Part         Description  Count
Application  Ijg          1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0185_LIBJPEG-TURBO.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. (CVE-2016-3616) - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813) - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11213) - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11214) - An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. (CVE-2018-11212) - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129912
    published: 2019-10-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129912
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0185)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0711-1.NASL
    description: This update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow an attacker to cause denial of service (bsc#1128712). CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123067
    published: 2019-03-25
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123067
    title: SUSE SLED15 / SLES15 Security Update : libjpeg-turbo (SUSE-SU-2019:0711-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1159.NASL
    description: According to the version of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-19
    modified: 2019-04-09
    plugin id: 123845
    published: 2019-04-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123845
    title: EulerOS Virtualization 2.5.3 : libjpeg-turbo (EulerOS-SA-2019-1159)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2052.NASL
    description: An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es) : * libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg:
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127661
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127661
    title: RHEL 7 : libjpeg-turbo (RHSA-2019:2052)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1343.NASL
    description: This update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124708
    published: 2019-05-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124708
    title: openSUSE Security Update : libjpeg-turbo (openSUSE-2019-1343)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1079.NASL
    description: According to the version of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122701
    published: 2019-03-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122701
    title: EulerOS Virtualization 2.5.2 : libjpeg-turbo (EulerOS-SA-2019-1079)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1299.NASL
    description: According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2018-10-11
    plugin id: 118049
    published: 2018-10-11
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118049
    title: EulerOS 2.0 SP3 : libjpeg-turbo (EulerOS-SA-2018-1299)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1825-1.NASL
    description: This update for jpeg fixes the following issues : - CVE-2017-15232: NULL pointer dereferences in jdpostct.c and jquant1.c could lead to denial of service (crash) when processing images [bsc#1062937] - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop [bsc#1096209] - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image [bsc#1098155] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 110762
    published: 2018-06-28
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/110762
    title: SUSE SLES11 Security Update : jpeg (SUSE-SU-2018:1825-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1118.NASL
    description: This update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123665
    published: 2019-04-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123665
    title: openSUSE Security Update : libjpeg-turbo (openSUSE-2019-1118)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1298.NASL
    description: According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2018-09-27
    plugin id: 117742
    published: 2018-09-27
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117742
    title: EulerOS 2.0 SP2 : libjpeg-turbo (EulerOS-SA-2018-1298)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0227_LIBJPEG-TURBO.NASL
    description: The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. (CVE-2016-3616) - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813) - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11213) - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11214) - An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. (CVE-2018-11212) - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132505
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132505
    title: NewStart CGSL CORE 5.05 / MAIN 5.05 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0227)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-2052.NASL
    description: An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es) : * libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg:
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128342
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128342
    title: CentOS 7 : libjpeg-turbo (CESA-2019:2052)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2019-1286.NASL
    description: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214) An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213) get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498) A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129013
    published: 2019-09-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129013
    title: Amazon Linux AMI : libjpeg-turbo (ALAS-2019-1286)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20190806_LIBJPEG_TURBO_ON_SL7_X.NASL
    description: Security Fix(es) : - libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) - libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) - libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) - libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) - libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) - libjpeg:
    last seen: 2020-03-18
    modified: 2019-08-27
    plugin id: 128231
    published: 2019-08-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128231
    title: Scientific Linux Security Update : libjpeg-turbo on SL7.x x86_64 (20190806)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1350.NASL
    description: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213) An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214) libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130602
    published: 2019-11-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130602
    title: Amazon Linux 2 : libjpeg-turbo (ALAS-2019-1350)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-0E72EF852A.NASL
    description: Fix for CVE-2018-11813. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120234
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120234
    title: Fedora 28 : libjpeg-turbo (2018-0e72ef852a)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1111-1.NASL
    description: This update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow an attacker to cause denial of service (bsc#1128712). CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124453
    published: 2019-05-01
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124453
    title: SUSE SLED12 / SLES12 Security Update : libjpeg-turbo (SUSE-SU-2019:1111-1)

Redhat

advisories
  • rhsa id: RHSA-2019:2052
rpms
  • libjpeg-turbo-0:1.2.90-8.el7
  • libjpeg-turbo-debuginfo-0:1.2.90-8.el7
  • libjpeg-turbo-devel-0:1.2.90-8.el7
  • libjpeg-turbo-static-0:1.2.90-8.el7
  • libjpeg-turbo-utils-0:1.2.90-8.el7
  • turbojpeg-0:1.2.90-8.el7
  • turbojpeg-devel-0:1.2.90-8.el7