USN-5497-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-5497-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5497-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-5497-1
Upstream
Related
Published
2022-06-30T12:54:31.249903Z
Modified
2025-10-13T04:35:59Z
Summary
libjpeg6b vulnerabilities
Details

It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11212)

Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service. (CVE-2018-11813)

Sheng Shu and Dongdong She discovered that Libjpeg6b was not properly limiting the amount of memory being used when it was performing decompression or multi-pass compression operations. An attacker could possibly use this issue to force excessive memory consumption and cause a denial of service. (CVE-2020-14152)

References

Affected packages

Ubuntu:Pro:14.04:LTS / libjpeg6b

Package

Name
libjpeg6b
Purl
pkg:deb/ubuntu/libjpeg6b@6b1-4ubuntu1+esm1?arch=source&distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6b1-4ubuntu1+esm1

Affected versions

Other

6b1-3ubuntu1
6b1-4ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "6b1-4ubuntu1+esm1",
            "binary_name": "libjpeg62"
        },
        {
            "binary_version": "6b1-4ubuntu1+esm1",
            "binary_name": "libjpeg62-dev"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:14.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "low",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2018-11212"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "low",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2018-11213"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "low",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2018-11214"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "low",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2018-11813"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "low",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-14152"
        }
    ]
}