CVSS2: 6.8 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS: 0.014 Low (Percentile: 86.6%)

Transform Services for IBM i is vulnerable to denial of service, heap memory buffer overflow, and disclosure of sensitive information to an attacker due to multiple vulnerabilities in the Independent JPEG Group (IJG) JPEG library and the zlib library, as described in the vulnerability details section. IBM i has addressed the vulnerabilities in Transform Services for IBM i with a fix, as described in the remediation/fixes section.
CVEID: CVE-2021-46822
**DESCRIPTION:** libjpeg-turbo is vulnerable to a denial of service, caused by heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-14498
**DESCRIPTION:** libjpeg-turbo and MozJPEG are vulnerable to a denial of service, caused by a heap-based buffer over-read in get_8bit_row in rdbmp.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158472 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-11813
**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by a large loop in the read_pixel function in rdtarga.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/144667 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2020-14152
**DESCRIPTION:** IJG JPEG is vulnerable to a denial of service, caused by excessive memory consumption in jpeg_mem_available() in jmemnobs.c in djpeg. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to disclose information or cause the application to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183463 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)
CVEID: CVE-2013-6629
**DESCRIPTION:** Google Chrome could allow a remote attacker to obtain sensitive information, caused by an error in the get_sos() function within the libjpeg and libjpeg-turbo libraries. An attacker could exploit this vulnerability to read uninitialized memory and obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88783 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2017-15232
**DESCRIPTION:** libjpeg-turbo is vulnerable to a denial of service, caused by a NULL pointer dereference in jdpostct.c and jquant1.c. By persuading a victim to open a specially crafted JPEG file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133309 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2012-2806
**DESCRIPTION:** libjpeg-turbo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the get_sos() function. By persuading a victim to open a specially-crafted JPEG image, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/76952 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-6630
**DESCRIPTION:** Google Chrome could allow a remote attacker to obtain sensitive information, caused by an error in the get_dht() function within the libjpeg and libjpeg-turbo libraries. An attacker could exploit this vulnerability to read uninitialized memory and obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88784 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2022-37434
**DESCRIPTION:** zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232849 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2020-35538
**DESCRIPTION:** libjpeg-turbo is vulnerable to a denial of service, caused by a segmentation fault in the jcopy_sample_rows() function when processing JPG files. By persuading a victim to open a specially-crafted JPG file using certain optimization flags, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235055 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
**IBM X-Force ID:** 221377
**DESCRIPTION:** zlib is vulnerable to a denial of service, caused by the use of uninitialized value in inflate() function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221377 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Transform Services for i | 7.5 |
IBM Transform Services for i | 7.4 |
IBM Transform Services for i | 7.3 |
IBM Transform Services for i | 7.2 |
The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i PTF numbers contain the fix for the vulnerability.
IBM i Release | 5770-TS1 PTF Number | PTF Download Link |
---|---|---|
7.5 | SI80776 | SI80776 |
7.4 | SI80841 | SI80841 |
7.3 | SI80909 | SI80909 |
7.2 | SI80912 | SI80912 |
<https://www.ibm.com/support/fixcentral>
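
To confirm the remediation on a given partition, the query below is an added example (not part of IBM's bulletin) that checks the PTFs from the table above against the `QSYS2.PTF_INFO` IBM i service. It assumes the product ID is stored there without the hyphen (`5770TS1`) and that a status of applied or superseded means the fix is in effect.

```sql
-- Added example, not from the bulletin: report the local status of the PTFs
-- listed in the remediation table. PTF numbers and product 5770-TS1 come from
-- this page; the assessment labels are illustrative.
WITH bulletin_ptfs (ibm_i_release, ptf_id) AS (
  VALUES ('7.5', 'SI80776'),
         ('7.4', 'SI80841'),
         ('7.3', 'SI80909'),
         ('7.2', 'SI80912')
)
SELECT b.ibm_i_release,
       b.ptf_id,
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS loaded_status,
       CASE
         -- Temporarily or permanently applied, or replaced by a later PTF
         WHEN p.PTF_LOADED_STATUS IN ('APPLIED', 'PERMANENTLY APPLIED', 'SUPERSEDED')
           THEN 'FIX PRESENT'
         -- No row: wrong release for this partition, or the PTF was never loaded.
         -- A superseding PTF installed directly also leaves no row here, so
         -- confirm with the superseding PTF's cover letter before concluding.
         WHEN p.PTF_LOADED_STATUS IS NULL
           THEN 'NOT FOUND'
         -- Loaded but not applied, removed, damaged, etc.
         ELSE 'FIX NOT ACTIVE'
       END AS assessment
FROM bulletin_ptfs b
LEFT JOIN QSYS2.PTF_INFO p
       ON p.PTF_IDENTIFIER = b.ptf_id
      AND p.PTF_PRODUCT_ID = '5770TS1'
ORDER BY b.ibm_i_release DESC;
```

Only the row matching the partition's own IBM i release is meaningful; the other three are expected to return `NOT FOUND`.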
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.
None