
Test ID: 1.3.6.1.4.1.25623.1.0.891638
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for libjpeg-turbo (DLA-1638-1)
Description: Summary:
Several vulnerabilities have been resolved in libjpeg-turbo, Debian's
default JPEG implementation.

CVE-2016-3616

The cjpeg utility in libjpeg allowed remote attackers to cause a
denial of service (NULL pointer dereference and application crash) or
execute arbitrary code via a crafted file.

This issue got fixed by the same patch that fixed CVE-2018-11213 and
CVE-2018-11214.

CVE-2018-1152

libjpeg-turbo has been found vulnerable to a denial of service
vulnerability caused by a divide by zero when processing a crafted
BMP image. The issue has been resolved by a boundary check.

CVE-2018-11212

The alloc_sarray function in jmemmgr.c allowed remote attackers to
cause a denial of service (divide-by-zero error) via a crafted file.

The issue has been addressed by checking the image size when reading
a targa file and throwing an error when image width or height is 0.

CVE-2018-11213
CVE-2018-11214

The get_text_gray_row and get_text_rgb_row functions in rdppm.c both
allowed remote attackers to cause a denial of service (Segmentation
fault) via a crafted file.

By checking the range of integer values in PPM text files and adding
checks to ensure values are within the specified range, both issues

Affected Software/OS:
libjpeg-turbo on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
1:1.3.1-12+deb8u1.

We recommend that you upgrade your libjpeg-turbo packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-3616
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
RedHat Security Advisories: RHSA-2019:2052
https://access.redhat.com/errata/RHSA-2019:2052
https://usn.ubuntu.com/3706-1/
https://usn.ubuntu.com/3706-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1152
BugTraq ID: 104543
http://www.securityfocus.com/bid/104543
https://www.tenable.com/security/research/tra-2018-17
https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html
SuSE Security Announcement: openSUSE-SU-2019:1118
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
SuSE Security Announcement: openSUSE-SU-2019:1343
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
Copyright: Copyright (C) 2019 Greenbone Networks GmbH http://greenbone.net
