CVE-2018-1890

Name of the Vulnerable Software and Affected Versions IBM SDK, Java Technology Edition version 8 on the AIX platform libjpeg (affected versions not specified)

Description The issue concerns a potential code injection and privilege elevation by local users due to the use of absolute RPATHs in IBM SDK, Java Technology Edition Version 8 on the AIX platform. Additionally, there is a denial of service vulnerability in libjpeg, caused by a divide-by-zero error in the alloc sarray function in jmemmgr.c. This could allow a remote attacker to crash the application by persuading a victim to open a specially-crafted file.

Recommendations For IBM SDK, Java Technology Edition version 8 on the AIX platform: consider restricting access to absolute RPATHs to minimize the risk of code injection and privilege elevation. For libjpeg: as a temporary workaround, consider validating user-input files to prevent the application from crashing due to divide-by-zero errors in the alloc sarray function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.