CVE-2018-11813 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Debian Releases

Debian Product

Codename

libjpeg-turbo

bullseye	1:2.0.6-4 fixed
bookworm	1:2.1.5-2 fixed
sid	1:2.1.5-3 fixed
trixie	1:2.1.5-3 fixed

libjpeg9

sid	1:9f-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libjpeg-turbo

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
bionic	Fixed 1.5.2-0ubuntu5.18.04.6 released
xenial	Fixed 1.4.2-0ubuntu3.4+esm1 released
trusty	Fixed 1.3.0-0ubuntu2.1+esm2 released

libjpeg6b

noble	needed
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needed
impish	ignored
hirsute	ignored
groovy	ignored
focal	needed
eoan	ignored
bionic	needed
xenial	Fixed 1:6b2-2ubuntu0.1~esm1 released
trusty	Fixed 6b1-4ubuntu1+esm1 released

libjpeg9

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	ignored
disco	ignored
cosmic	ignored
bionic	needed
artful	ignored
xenial	Fixed 1:9b-1ubuntu1+esm1 released
trusty	dne

Common Weakness Enumeration

CWE-834 - Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html

http://www.ijg.org/files/jpegsrc.v9d.tar.gz

https://access.redhat.com/errata/RHSA-2019:2052

https://bugs.gentoo.org/727908

https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf

https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html

http://www.ijg.org/files/jpegsrc.v9d.tar.gz

https://access.redhat.com/errata/RHSA-2019:2052

https://bugs.gentoo.org/727908

https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf

https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c