CVE-2018-11813

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Debian logo
Debian Releases
Debian Product
Codename
libjpeg-turbo
bookworm
1:2.1.5-2
fixed
bullseye
1:2.0.6-4
fixed
sid
1:2.1.5-3
fixed
trixie
1:2.1.5-3
fixed
libjpeg9
sid
1:9f-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libjpeg-turbo
bionic
Fixed 1.5.2-0ubuntu5.18.04.6
released
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
Fixed 1.3.0-0ubuntu2.1+esm2
released
xenial
Fixed 1.4.2-0ubuntu3.4+esm1
released
libjpeg6b
bionic
needed
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
Fixed 6b1-4ubuntu1+esm1
released
xenial
Fixed 1:6b2-2ubuntu0.1~esm1
released
libjpeg9
artful
ignored
bionic
needed
cosmic
ignored
disco
ignored
eoan
ignored
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
Fixed 1:9b-1ubuntu1+esm1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libjpeg-turbo
suse enterprise sap 12 SP3
1.5.3-31.14.2
fixed
suse enterprise sap 12 SP4
1.5.3-31.14.2
fixed
suse enterprise sap 12 SP5
1.5.3-31.14.2
fixed
suse enterprise server 12 SP3
1.5.3-31.14.2
fixed
suse enterprise server 12 SP4
1.5.3-31.14.2
fixed
suse enterprise server 12 SP5
1.5.3-31.14.2
fixed
libjpeg62
suse enterprise desktop 15
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP1
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP2
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP3
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise desktop 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise sap 12 SP3
62.2.0-31.14.2
fixed
suse enterprise sap 12 SP4
62.2.0-31.14.2
fixed
suse enterprise sap 12 SP5
62.2.0-31.14.2
fixed
suse enterprise sap 15
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP1
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP2
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP3
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise sap 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise server 12 SP3
62.2.0-31.14.2
fixed
suse enterprise server 12 SP4
62.2.0-31.14.2
fixed
suse enterprise server 12 SP5
62.2.0-31.14.2
fixed
suse enterprise server 15
62.2.0-5.7.1
fixed
suse enterprise server 15 SP1
62.2.0-5.7.1
fixed
suse enterprise server 15 SP2
62.2.0-5.7.1
fixed
suse enterprise server 15 SP3
62.2.0-5.7.1
fixed
suse enterprise server 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise server 15 SP7
62.3.0-150600.22.3
fixed
libjpeg62-32bit
suse enterprise sap 12 SP3
62.2.0-31.14.2
fixed
suse enterprise sap 12 SP4
62.2.0-31.14.2
fixed
suse enterprise sap 12 SP5
62.2.0-31.14.2
fixed
suse enterprise server 12 SP3
62.2.0-31.14.2
fixed
suse enterprise server 12 SP4
62.2.0-31.14.2
fixed
suse enterprise server 12 SP5
62.2.0-31.14.2
fixed
libjpeg62-devel
suse enterprise desktop 15
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP1
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP2
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP3
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise desktop 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise sap 15
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP1
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP2
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP3
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise sap 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise server 15
62.2.0-5.7.1
fixed
suse enterprise server 15 SP1
62.2.0-5.7.1
fixed
suse enterprise server 15 SP2
62.2.0-5.7.1
fixed
suse enterprise server 15 SP3
62.2.0-5.7.1
fixed
suse enterprise server 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise server 15 SP7
62.3.0-150600.22.3
fixed
libjpeg62-turbo
suse enterprise sap 12 SP3
1.5.3-31.14.2
fixed
suse enterprise sap 12 SP4
1.5.3-31.14.2
fixed
suse enterprise sap 12 SP5
1.5.3-31.14.2
fixed
suse enterprise server 12 SP3
1.5.3-31.14.2
fixed
suse enterprise server 12 SP4
1.5.3-31.14.2
fixed
suse enterprise server 12 SP5
1.5.3-31.14.2
fixed
libjpeg8
suse enterprise desktop 15
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP1
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP2
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP3
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 12 SP3
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP4
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP5
8.1.2-31.14.2
fixed
suse enterprise sap 15
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP1
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP2
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP3
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 12 SP3
8.1.2-31.14.2
fixed
suse enterprise server 12 SP4
8.1.2-31.14.2
fixed
suse enterprise server 12 SP5
8.1.2-31.14.2
fixed
suse enterprise server 15
8.1.2-5.7.1
fixed
suse enterprise server 15 SP1
8.1.2-5.7.1
fixed
suse enterprise server 15 SP2
8.1.2-5.7.1
fixed
suse enterprise server 15 SP3
8.1.2-5.7.1
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
libjpeg8-32bit
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 12 SP3
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP4
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP5
8.1.2-31.14.2
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 12 SP3
8.1.2-31.14.2
fixed
suse enterprise server 12 SP4
8.1.2-31.14.2
fixed
suse enterprise server 12 SP5
8.1.2-31.14.2
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
libjpeg8-devel
suse enterprise desktop 15
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP1
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP2
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP3
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 15
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP1
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP2
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP3
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 15
8.1.2-5.7.1
fixed
suse enterprise server 15 SP1
8.1.2-5.7.1
fixed
suse enterprise server 15 SP2
8.1.2-5.7.1
fixed
suse enterprise server 15 SP3
8.1.2-5.7.1
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
libturbojpeg0
suse enterprise desktop 15
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP1
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP2
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP3
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 12 SP3
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP4
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP5
8.1.2-31.14.2
fixed
suse enterprise sap 15
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP1
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP2
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP3
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 12 SP3
8.1.2-31.14.2
fixed
suse enterprise server 12 SP4
8.1.2-31.14.2
fixed
suse enterprise server 12 SP5
8.1.2-31.14.2
fixed
suse enterprise server 15
8.1.2-5.7.1
fixed
suse enterprise server 15 SP1
8.1.2-5.7.1
fixed
suse enterprise server 15 SP2
8.1.2-5.7.1
fixed
suse enterprise server 15 SP3
8.1.2-5.7.1
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libjpeg-turbo
RHEL 7
0:1.2.90-8.el7
fixed
libjpeg-turbo-devel
RHEL 7
0:1.2.90-8.el7
fixed
libjpeg-turbo-static
RHEL 7
0:1.2.90-8.el7
fixed
libjpeg-turbo-utils
RHEL 7
0:1.2.90-8.el7
fixed
turbojpeg
RHEL 7
0:1.2.90-8.el7
fixed
turbojpeg-devel
RHEL 7
0:1.2.90-8.el7
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
http://www.ijg.org/files/jpegsrc.v9d.tar.gz
https://access.redhat.com/errata/RHSA-2019:2052
https://bugs.gentoo.org/727908
https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf
https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
http://www.ijg.org/files/jpegsrc.v9d.tar.gz
https://access.redhat.com/errata/RHSA-2019:2052
https://bugs.gentoo.org/727908
https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf
https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c