Lucene search

[email protected]NVD:CVE-2018-11212

HistoryMay 16, 2018 - 5:29 p.m.

CVE-2018-11212

2018-05-1617:29:00

CWE-369

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

Affected configurations

NVD

Node

ijglibjpegMatch9a

Node

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

Node

netapponcommand_unified_manager

netapponcommand_unified_managerRange7.3≥windows

netapponcommand_unified_managerRange9.4≥vmware_vsphere

netapponcommand_workflow_automation

netappsnapmanageroracle

netappsnapmanagersap

Node

oraclejdkMatch1.7.0update201

oraclejdkMatch1.8.0update192

oraclejdkMatch11.0.1

oraclejreMatch8.0update_191

Node

redhatsatelliteMatch5.8

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

opensuseleapMatch15.0

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

www.ijg.org/

www.securityfocus.com/bid/106583

access.redhat.com/errata/RHSA-2019:0469

access.redhat.com/errata/RHSA-2019:0472

access.redhat.com/errata/RHSA-2019:0473

access.redhat.com/errata/RHSA-2019:0474

access.redhat.com/errata/RHSA-2019:0640

access.redhat.com/errata/RHSA-2019:1238

access.redhat.com/errata/RHSA-2019:2052

github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a

github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git

lists.debian.org/debian-lts-announce/2019/01/msg00015.html

security.netapp.com/advisory/ntap-20190118-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us

usn.ubuntu.com/3706-1/

usn.ubuntu.com/3706-2/

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for NVD:CVE-2018-11212

cve1 nessus51 redhatcve1 openvas27 ubuntucve1 alpinelinux1 cvelist1 ibm47 prion1 debiancve1 f51 amazon3 veracode1 suse4 redhat7 kaspersky1 debian1 ubuntu5 osv4 mageia1 oraclelinux1 centos1 aix1 cloudfoundry1 photon4 oracle2