Gentoo FoundationMGASA-2018-0327Updated libjpeg packages fix security vulnerabilities
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.1%
Updated libjpeg package fixes security vulnerabilities: It was found that libjpeg is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image (CVE-2018-1152). It was found that libjpeg had a defect where, due to a mishandled EOF, a specially crafted malformed input file (specifically a file with a valid Targa header but incomplete pixel data) would cause cjpeg to generate a file that was potentially thousands of times larger than the input file (CVE-2018-11813).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | libjpeg | <Â 1.5.1-1.2 | libjpeg-1.5.1-1.2.mga6 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.1%