Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9CEA17D0A16727D2EE44536DDAF14F3810C225EF86FC8DD292A99EDC5262A025
HistoryJan 29, 2020 - 4:39 p.m.

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-11214, CVE-2018-11213, CVE-2018-11212)

2020-01-2916:39:31
www.ibm.com
9

0.007 Low

EPSS

Percentile

81.0%

JSON

Summary

IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Issues were discovered in libjpeg 9a library.

Vulnerability Details

CVEID:CVE-2018-11214
**DESCRIPTION:**An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/143427 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-11213
**DESCRIPTION:**An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/143428 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-11212
**DESCRIPTION:**An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Identity Governance and Intelligence 5.2.4
IBM Security Identity Governance and Intelligence 5.2.5

Remediation/Fixes

Affected Product(s) Version(s) First Fix
IBM Security Identity Governance and Intelligence 5.2.4 5.2.6.0-ISS-SIGI-FP0000
IBM Security Identity Governance and Intelligence 5.2.5 5.2.6.0-ISS-SIGI-FP0000

Workarounds and Mitigations

None

Related

nessus 54
debian 1
ubuntu 5
osv 4
openvas 29
ubuntucve 3
redhat 7
amazon 3
oraclelinux 1
centos 1
cloudfoundry 1
redhatcve 3
veracode 3
cvelist 3
cve 3
nvd 3
prion 3
f5 2
debiancve 3
alpinelinux 1
ibm 46
suse 4
kaspersky 1
mageia 1
aix 1
photon 4
oracle 2
nessus
nessus
RHEL 6 : libjpeg (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 5 : libjpeg (Unpatched Vulnerability)
2024-06-03 00:00:00
Ubuntu 16.04 ESM : Libjpeg6b vulnerabilities (USN-5497-2)
2023-10-23 00:00:00
debian
debian
[SECURITY] [DLA 1638-1] libjpeg-turbo security update
2019-01-22 22:18:58
ubuntu
ubuntu
Libjpeg6b vulnerabilities
2022-06-30 00:00:00
Libjpeg6b vulnerabilities
2022-06-30 00:00:00
libjpeg-turbo vulnerabilities
2018-07-10 00:00:00
osv
osv
libjpeg-turbo - security update
2019-01-22 00:00:00
libjpeg6b vulnerabilities
2022-06-30 12:54:31
libjpeg6b vulnerabilities
2022-06-30 14:35:28
openvas
openvas
Ubuntu: Security Advisory (USN-5497-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5497-2)
2023-01-27 00:00:00
Debian: Security Advisory (DLA-1638-1)
2019-01-22 00:00:00
ubuntucve
ubuntucve
CVE-2018-11214
2018-05-16 00:00:00
CVE-2018-11212
2018-05-16 00:00:00
CVE-2018-11213
2018-05-16 00:00:00
redhat
redhat
(RHSA-2019:2052) Moderate: libjpeg-turbo security update
2019-08-06 07:55:58
(RHSA-2019:0473) Critical: java-1.7.1-ibm security update
2019-03-05 12:42:15
(RHSA-2019:0474) Critical: java-1.7.1-ibm security update
2019-03-07 15:44:12
amazon
amazon
Medium: libjpeg-turbo
2019-09-13 22:58:00
Medium: libjpeg-turbo
2019-11-04 22:23:00
Low: libjpeg-turbo
2019-04-25 16:41:00
oraclelinux
oraclelinux
libjpeg-turbo security update
2019-08-13 00:00:00
centos
centos
libjpeg, turbojpeg security update
2019-08-30 03:16:23
cloudfoundry
cloudfoundry
USN-3706-1: libjpeg-turbo vulnerabilities | Cloud Foundry
2018-07-19 00:00:00
redhatcve
redhatcve
CVE-2018-11214
2018-05-18 21:21:20
CVE-2018-11213
2018-05-18 21:20:52
CVE-2018-11212
2020-01-26 15:56:42
veracode
veracode
Denial Of Service (Dos)
2019-08-08 00:07:16
Denial Of Service (Dos)
2019-08-08 00:07:16
Denial Of Service (DoS)
2019-05-16 03:57:00
cvelist
cvelist
CVE-2018-11214
2018-05-16 17:00:00
CVE-2018-11213
2018-05-16 17:00:00
CVE-2018-11212
2018-05-16 17:00:00
cve
cve
CVE-2018-11214
2018-05-16 17:29:00
CVE-2018-11212
2018-05-16 17:29:00
CVE-2018-11213
2018-05-16 17:29:00
nvd
nvd
CVE-2018-11213
2018-05-16 17:29:00
CVE-2018-11214
2018-05-16 17:29:00
CVE-2018-11212
2018-05-16 17:29:00
prion
prion
Design/Logic Flaw
2018-05-16 17:29:00
Design/Logic Flaw
2018-05-16 17:29:00
Denial of service
2018-05-16 17:29:00
f5
f5
K23406572 : libjpeg vulnerabilities CVE-2016-3616 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2018-14498
2022-02-17 00:00:00
K63404203 : Oracle Java SE vulnerability CVE-2018-11212
2019-02-07 00:00:00
debiancve
debiancve
CVE-2018-11213
2018-05-16 17:29:00
CVE-2018-11214
2018-05-16 17:29:00
CVE-2018-11212
2018-05-16 17:29:00
alpinelinux
alpinelinux
CVE-2018-11212
2018-05-16 17:29:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (Java CPU January 2019)
2022-09-14 15:02:20
Security Bulletin: Vulnerability in Oracle Java SE and libjpeg affects IBM Integrated Analytics System
2020-11-10 10:36:53
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software
2020-09-10 17:03:14
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-03-18 00:00:00
Security update for java-11-openjdk (important)
2019-02-12 00:00:00
Security update for java-1_7_0-openjdk (moderate)
2019-06-03 00:00:00
kaspersky
kaspersky
KLA11403 Multiple vulnerabilities in Oracle Java SE
2019-01-15 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2019-02-13 14:08:25
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-04-16 10:52:12
photon
photon
Critical Photon OS Security Update - PHSA-2020-0084
2020-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0084
2020-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2020-0290
2020-04-22 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

0.007 Low

EPSS

Percentile

81.0%

JSON
Related for 9CEA17D0A16727D2EE44536DDAF14F3810C225EF86FC8DD292A99EDC5262A025
nessus54debian1ubuntu5osv4openvas29ubuntucve3redhat7amazon3oraclelinux1centos1cloudfoundry1redhatcve3veracode3cvelist3cve3nvd3prion3f52debiancve3alpinelinux1ibm46suse4kaspersky1mageia1aix1photon4oracle2