Vulnerabilities > CVE-2018-14498 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

Vulnerable Configurations

Part Description Count
Application
Mozilla
30
Application
Libjpeg-Turbo
25
OS
Fedoraproject
1
OS
Debian
1
OS
Opensuse
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0185_LIBJPEG-TURBO.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. (CVE-2016-3616) - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813) - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11213) - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11214) - An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. (CVE-2018-11212) - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129912
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129912
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0185)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0711-1.NASL
    descriptionThis update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123067
    published2019-03-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123067
    titleSUSE SLED15 / SLES15 Security Update : libjpeg-turbo (SUSE-SU-2019:0711-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2407.NASL
    descriptionAccording to the versions of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131899
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131899
    titleEulerOS 2.0 SP2 : libjpeg-turbo (EulerOS-SA-2019-2407)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2251.NASL
    descriptionAccording to the versions of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.(CVE-2018-11213) - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.(CVE-2018-11214) - heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130713
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130713
    titleEulerOS 2.0 SP3 : libjpeg-turbo (EulerOS-SA-2019-2251)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2052.NASL
    descriptionAn update for libjpeg-turbo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es) : * libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg:
    last seen2020-06-01
    modified2020-06-02
    plugin id127661
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127661
    titleRHEL 7 : libjpeg-turbo (RHSA-2019:2052)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1343.NASL
    descriptionThis update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id124708
    published2019-05-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124708
    titleopenSUSE Security Update : libjpeg-turbo (openSUSE-2019-1343)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1892.NASL
    descriptionAccording to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-16
    plugin id128815
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128815
    titleEulerOS 2.0 SP5 : libjpeg-turbo (EulerOS-SA-2019-1892)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3705.NASL
    descriptionAn update for libjpeg-turbo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es) : * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130572
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130572
    titleRHEL 8 : libjpeg-turbo (RHSA-2019:3705)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1719.NASL
    descriptionIt was discovered that there was a denial of service vulnerability in the libjpeg-turbo CPU-optimised JPEG image library. A heap-based buffer over-read could be triggered by a specially crafted bitmap (BMP) file. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id122931
    published2019-03-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122931
    titleDebian DLA-1719-1 : libjpeg-turbo security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1483.NASL
    descriptionAccording to the versions of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498) - libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.(CVE-2014-9092) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135645
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135645
    titleEulerOS Virtualization 3.0.2.2 : libjpeg-turbo (EulerOS-SA-2020-1483)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-87E2FA8E0F.NASL
    descriptionFix for **CVE-2018-14498** Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123478
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123478
    titleFedora 28 : libjpeg-turbo (2019-87e2fa8e0f)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4190-1.NASL
    descriptionIt was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. (CVE-2018-19664) It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2018-20330) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly cause a denial of service or execute arbitrary code. (CVE-2019-2201). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131016
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131016
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : libjpeg-turbo vulnerabilities (USN-4190-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1118.NASL
    descriptionThis update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123665
    published2019-04-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123665
    titleopenSUSE Security Update : libjpeg-turbo (openSUSE-2019-1118)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0227_LIBJPEG-TURBO.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. (CVE-2016-3616) - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813) - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11213) - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11214) - An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. (CVE-2018-11212) - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132505
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132505
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0227)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2052.NASL
    descriptionAn update for libjpeg-turbo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es) : * libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg:
    last seen2020-06-01
    modified2020-06-02
    plugin id128342
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128342
    titleCentOS 7 : libjpeg-turbo (CESA-2019:2052)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1286.NASL
    descriptionThe cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214) An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213) get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498) A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212)
    last seen2020-06-01
    modified2020-06-02
    plugin id129013
    published2019-09-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129013
    titleAmazon Linux AMI : libjpeg-turbo (ALAS-2019-1286)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_LIBJPEG_TURBO_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) - libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) - libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) - libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) - libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) - libjpeg:
    last seen2020-03-18
    modified2019-08-27
    plugin id128231
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128231
    titleScientific Linux Security Update : libjpeg-turbo on SL7.x x86_64 (20190806)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1955.NASL
    descriptionAccording to the version of the libjpeg-turbo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128958
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128958
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libjpeg-turbo (EulerOS-SA-2019-1955)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1350.NASL
    descriptionThe cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file. CVE-2018-11212) An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213) An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214) libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498)
    last seen2020-06-01
    modified2020-06-02
    plugin id130602
    published2019-11-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130602
    titleAmazon Linux 2 : libjpeg-turbo (ALAS-2019-1350)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1111-1.NASL
    descriptionThis update for libjpeg-turbo fixes the following issues : The following security vulnerabilities were addressed : CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124453
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124453
    titleSUSE SLED12 / SLES12 Security Update : libjpeg-turbo (SUSE-SU-2019:1111-1)

Redhat

advisories
  • bugzilla
    id1687424
    titleCVE-2018-14498 libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibjpeg-turbo is earlier than 0:1.2.90-8.el7
            ovaloval:com.redhat.rhsa:tst:20192052001
          • commentlibjpeg-turbo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131803004
        • AND
          • commentlibjpeg-turbo-devel is earlier than 0:1.2.90-8.el7
            ovaloval:com.redhat.rhsa:tst:20192052003
          • commentlibjpeg-turbo-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131803002
        • AND
          • commentturbojpeg-devel is earlier than 0:1.2.90-8.el7
            ovaloval:com.redhat.rhsa:tst:20192052005
          • commentturbojpeg-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140388
        • AND
          • commentlibjpeg-turbo-utils is earlier than 0:1.2.90-8.el7
            ovaloval:com.redhat.rhsa:tst:20192052007
          • commentlibjpeg-turbo-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140384
        • AND
          • commentturbojpeg is earlier than 0:1.2.90-8.el7
            ovaloval:com.redhat.rhsa:tst:20192052009
          • commentturbojpeg is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140382
        • AND
          • commentlibjpeg-turbo-static is earlier than 0:1.2.90-8.el7
            ovaloval:com.redhat.rhsa:tst:20192052011
          • commentlibjpeg-turbo-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131803006
    rhsa
    idRHSA-2019:2052
    released2019-08-06
    severityModerate
    titleRHSA-2019:2052: libjpeg-turbo security update (Moderate)
  • bugzilla
    id1688397
    titlelibjpeg-turbo: Support running with Intel CET
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentlibjpeg-turbo-devel is earlier than 0:1.5.3-10.el8
            ovaloval:com.redhat.rhsa:tst:20193705001
          • commentlibjpeg-turbo-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131803002
        • AND
          • commentlibjpeg-turbo-utils is earlier than 0:1.5.3-10.el8
            ovaloval:com.redhat.rhsa:tst:20193705003
          • commentlibjpeg-turbo-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140384
        • AND
          • commentlibjpeg-turbo-debugsource is earlier than 0:1.5.3-10.el8
            ovaloval:com.redhat.rhsa:tst:20193705005
          • commentlibjpeg-turbo-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193705006
        • AND
          • commentlibjpeg-turbo is earlier than 0:1.5.3-10.el8
            ovaloval:com.redhat.rhsa:tst:20193705007
          • commentlibjpeg-turbo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131803004
        • AND
          • commentturbojpeg is earlier than 0:1.5.3-10.el8
            ovaloval:com.redhat.rhsa:tst:20193705009
          • commentturbojpeg is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140382
        • AND
          • commentturbojpeg-devel is earlier than 0:1.5.3-10.el8
            ovaloval:com.redhat.rhsa:tst:20193705011
          • commentturbojpeg-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140388
    rhsa
    idRHSA-2019:3705
    released2019-11-05
    severityModerate
    titleRHSA-2019:3705: libjpeg-turbo security update (Moderate)
rpms
  • libjpeg-turbo-0:1.2.90-8.el7
  • libjpeg-turbo-debuginfo-0:1.2.90-8.el7
  • libjpeg-turbo-devel-0:1.2.90-8.el7
  • libjpeg-turbo-static-0:1.2.90-8.el7
  • libjpeg-turbo-utils-0:1.2.90-8.el7
  • turbojpeg-0:1.2.90-8.el7
  • turbojpeg-devel-0:1.2.90-8.el7
  • libjpeg-turbo-0:1.5.3-10.el8
  • libjpeg-turbo-debuginfo-0:1.5.3-10.el8
  • libjpeg-turbo-debugsource-0:1.5.3-10.el8
  • libjpeg-turbo-devel-0:1.5.3-10.el8
  • libjpeg-turbo-utils-0:1.5.3-10.el8
  • libjpeg-turbo-utils-debuginfo-0:1.5.3-10.el8
  • turbojpeg-0:1.5.3-10.el8
  • turbojpeg-debuginfo-0:1.5.3-10.el8
  • turbojpeg-devel-0:1.5.3-10.el8