RLSA-2019:3705

Published: 05 Nov 2019
Source: rocky
Severity: Moderate

Description

Moderate: libjpeg-turbo security update

The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.

Security Fix(es):

  • libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.

Affected products

  • Rocky Linux 8

Name                 Architecture  Release  RPM
libjpeg-turbo        i686          10.el8   libjpeg-turbo-1.5.3-10.el8.i686.rpm
libjpeg-turbo        x86_64        10.el8   libjpeg-turbo-1.5.3-10.el8.x86_64.rpm
libjpeg-turbo-devel  i686          10.el8   libjpeg-turbo-devel-1.5.3-10.el8.i686.rpm
libjpeg-turbo-devel  x86_64        10.el8   libjpeg-turbo-devel-1.5.3-10.el8.x86_64.rpm
libjpeg-turbo-utils  x86_64        10.el8   libjpeg-turbo-utils-1.5.3-10.el8.x86_64.rpm
turbojpeg            i686          10.el8   turbojpeg-1.5.3-10.el8.i686.rpm
turbojpeg            x86_64        10.el8   turbojpeg-1.5.3-10.el8.x86_64.rpm

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 7 years ago

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

CVSS3: 4.4
redhat
more than 7 years ago

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

CVSS3: 6.5
nvd
almost 7 years ago

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

CVSS3: 6.5
debian
almost 7 years ago

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...

CVSS3: 6.5
github
more than 3 years ago

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.