CVE-2018-11813
libjpeg: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF
Public Exploits: 0
Exploited in Wild: -
Descriptions
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
libjpeg 9c has a long loop because read_pixel in rdtarga.c handles EOF incorrectly.
It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM.
SSVC
- Decision:-
Timeline
- 2018-06-05 CVE Reserved
- 2018-06-06 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-834: Excessive Iteration
References (9)
URL | Tag | Source |
---|---|---|
http://www.ijg.org/files/jpegsrc.v9d.tar.gz | X_refsource_misc | |
https://bugs.gentoo.org/727908 | X_refsource_misc | |
https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf | Mailing List | |
https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c | Third Party Advisory | |