CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
62.2%
Package : libjpeg-turbo
Version : 1:1.3.1-12+deb8u2
CVE ID : CVE-2018-14498
Debian Bug : #924678
It was discovered that there was a denial of service vulnerability in
the libjpeg-turbo CPU-optimised JPEG image library. A heap-based
buffer over-read could be triggered by a specially-crafted bitmap
(BMP) file.
For Debian 8 "Jessie", this issue has been fixed in libjpeg-turbo
version 1:1.3.1-12+deb8u2.
We recommend that you upgrade your libjpeg-turbo packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | amd64 | libturbojpeg0 | < 1:1.5.1-2+deb9u1 | libturbojpeg0_1:1.5.1-2+deb9u1_amd64.deb |
Debian | 10 | ppc64el | libjpeg62-turbo | < 1:1.5.2-2+deb10u1 | libjpeg62-turbo_1:1.5.2-2+deb10u1_ppc64el.deb |
Debian | 10 | i386 | libturbojpeg0 | < 1:1.5.2-2+deb10u1 | libturbojpeg0_1:1.5.2-2+deb10u1_i386.deb |
Debian | 8 | armhf | libjpeg62-turbo | < 1:1.3.1-12+deb8u2 | libjpeg62-turbo_1:1.3.1-12+deb8u2_armhf.deb |
Debian | 10 | ppc64el | libjpeg-turbo-progs | < 1:1.5.2-2+deb10u1 | libjpeg-turbo-progs_1:1.5.2-2+deb10u1_ppc64el.deb |
Debian | 9 | arm64 | libjpeg-turbo-progs | < 1:1.5.1-2+deb9u1 | libjpeg-turbo-progs_1:1.5.1-2+deb9u1_arm64.deb |
Debian | 10 | armhf | libturbojpeg0-dev | < 1:1.5.2-2+deb10u1 | libturbojpeg0-dev_1:1.5.2-2+deb10u1_armhf.deb |
Debian | 10 | s390x | libjpeg62-turbo | < 1:1.5.2-2+deb10u1 | libjpeg62-turbo_1:1.5.2-2+deb10u1_s390x.deb |
Debian | 8 | i386 | libturbojpeg1-dev | < 1:1.3.1-12+deb8u2 | libturbojpeg1-dev_1:1.3.1-12+deb8u2_i386.deb |
Debian | 10 | i386 | libturbojpeg0-dev | < 1:1.5.2-2+deb10u1 | libturbojpeg0-dev_1:1.5.2-2+deb10u1_i386.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
62.2%