USN-5497-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5497-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5497-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5497-1

Related

Published

2022-06-30T12:54:31.249903Z

Modified

2022-06-30T12:54:31.249903Z

Summary

libjpeg6b vulnerabilities

Details

It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11212)

Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service. (CVE-2018-11813)

Sheng Shu and Dongdong She discovered that Libjpeg6b was not properly limiting the amount of memory being used when it was performing decompression or multi-pass compression operations. An attacker could possibly use this issue to force excessive memory consumption and cause a denial of service. (CVE-2020-14152)

References

Affected packages

Ubuntu:Pro:14.04:LTS / libjpeg6b

Package

Name: libjpeg6b
Purl: pkg:deb/ubuntu/libjpeg6b@6b1-4ubuntu1+esm1?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6b1-4ubuntu1+esm1

Affected versions

Other

6b1-3ubuntu1

6b1-4ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "libjpeg62": "6b1-4ubuntu1+esm1",
            "libjpeg62-dbg": "6b1-4ubuntu1+esm1",
            "libjpeg62-dbgsym": "6b1-4ubuntu1+esm1",
            "libjpeg62-dev-dbgsym": "6b1-4ubuntu1+esm1",
            "libjpeg62-dev": "6b1-4ubuntu1+esm1"
        }
    ]
}