CVE-2018-11214

Опубликовано: 16 мая 2018

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	libjpeg	Will not fix
Red Hat Enterprise Linux 6	libjpeg-turbo	Will not fix
Red Hat Enterprise Linux 8	libjpeg-turbo	Not affected
Red Hat Enterprise Linux 7	libjpeg-turbo	Fixed	RHSA-2019:2052	06.08.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1579980libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c

EPSS

Процентиль: 77%

0.01054

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-11214

CVSS3: 6.5

ubuntu

больше 7 лет назад

An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

CVE-2018-11214

CVSS3: 6.5

nvd

больше 7 лет назад

An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

CVE-2018-11214

CVSS3: 6.5

debian

больше 7 лет назад

An issue was discovered in libjpeg 9a. The get_text_rgb_row function i ...

GHSA-c6rg-3w94-c827

CVSS3: 6.5

github

больше 3 лет назад

An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

ELSA-2019-2052

oracle-oval

больше 6 лет назад

ELSA-2019-2052: libjpeg-turbo security update (MODERATE)

EPSS

Процентиль: 77%

0.01054

Низкий

5.3 Medium

CVSS3