CVE-2018-1152

Name

CVE-2018-1152

Description

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Third Party Advisory	https://www.tenable.com/security/research/tra-2018-17
Patch	https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
Third Party Advisory	http://www.securityfocus.com/bid/104543
Third Party Advisory	https://usn.ubuntu.com/3706-1/
Third Party Advisory	https://usn.ubuntu.com/3706-2/
Mailing List	https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
MLIST	https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:1.5.90:::::::*`	libjpeg-turbo	== None	== 1.5.90

Source package	Branch	Version	Maintainer	Status