SB2018091316 - Division by zero in libjpeg-turbo (Alpine package)
Published: September 13, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Division by zero (CVE-ID: CVE-2018-1152)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero error when processing a crafted BMP image. A remote attacker can pass a specially crafted file to the application and crash it.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9378f3dab33e35a0b4972cdcd6c904bac680d04b
- https://git.alpinelinux.org/aports/commit/?id=8383ddb0e97106e81b063445f534fe1b8b8a0d27
- https://git.alpinelinux.org/aports/commit/?id=1657a9614c75c2d429138d032fd73dab19ccd5b3
- https://git.alpinelinux.org/aports/commit/?id=1e3413751e64bd39d7f3e99519dca06b07d463c2
- https://git.alpinelinux.org/aports/commit/?id=40f5397ff51533bc91833333e4b8848708b9a7f2
- https://git.alpinelinux.org/aports/commit/?id=6da545c8ebe12e5cf31235b89659fd6539ef0607
- https://git.alpinelinux.org/aports/commit/?id=8d429487fdfea72fe6b0e45659274a62fa8c89bd