Test ID: | 1.3.6.1.4.1.25623.1.0.891638 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for libjpeg-turbo (DLA-1638-1) |
Summary: |
Several vulnerabilities have been resolved in libjpeg-turbo, Debian's default JPEG implementation.

CVE-2016-3616
The cjpeg utility in libjpeg allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
This issue got fixed by the same patch that fixed CVE-2018-11213 and CVE-2018-11214.

CVE-2018-1152
libjpeg-turbo has been found vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. The issue has been resolved by a boundary check.

CVE-2018-11212
The alloc_sarray function in jmemmgr.c allowed remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
The issue has been addressed by checking the image size when reading a targa file and throwing an error when image width or height is 0.

CVE-2018-11213, CVE-2018-11214
The get_text_gray_row and get_text_rgb_row functions in rdppm.c both allowed remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
By checking the range of integer values in PPM text files and adding checks to ensure values are within the specified range, both issues |
Description: |
Affected Software/OS: libjpeg-turbo on Debian Linux
Solution: For Debian 8 'Jessie', these problems have been fixed in version 1:1.3.1-12+deb8u1. We recommend that you upgrade your libjpeg-turbo packages.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-3616
https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
RedHat Security Advisories: RHSA-2019:2052 https://access.redhat.com/errata/RHSA-2019:2052
https://usn.ubuntu.com/3706-1/
https://usn.ubuntu.com/3706-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1152
BugTraq ID: 104543 http://www.securityfocus.com/bid/104543
https://www.tenable.com/security/research/tra-2018-17
https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html
SuSE Security Announcement: openSUSE-SU-2019:1118 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
SuSE Security Announcement: openSUSE-SU-2019:1343 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH http://greenbone.net |