PT-2018-2416 · Independent Jpeg+6 · Libjpeg+8
Published
2018-04-16
·
Updated
2024-06-15
·
CVE-2018-11212
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libjpeg versions 9a through 9d
Description
The issue allows remote attackers to cause a denial of service via a crafted file, resulting in a divide-by-zero error in the
alloc sarray function in jmemmgr.c. This can lead to the application crashing. The vulnerability is related to insufficient access control in the ImageIO component of Oracle Java SE and Java SE Embedded, which can be exploited by a remote attacker to cause a denial of service.Recommendations
For libjpeg versions 9a through 9d, consider disabling the
alloc sarray function in jmemmgr.c as a temporary workaround to prevent the denial of service.
Restrict access to crafted files that could exploit this issue to minimize the risk of application crash.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Divide By Zero
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Centos
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu
Libjpeg