Home

CVE-2018-11212

Description

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.902

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 are affected in Java SE Development Kit 11.0.1Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 are affected in Java SE Development Kit 1.7.0.2010Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2449 are affected in Java SE Development Kit 8.0.1920Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 191 (64-bit)Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 are affected in Java SE Development Kit Java SE Development Kit 8 Update 191 (64-bit)Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 are affected in Java SE Development Kit (x64) 11.0.1Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 are affected in Java SE Development Kit (x64) 1.7.0.2010Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2449 are affected in Java SE Development Kit (x64) 8.0.1920Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 are affected in Java SE Development Kit (x64) 8.0.1910Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2426,CVE-2019-2422 are fixed in Azul Zulu JDK 7 7.27Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2426,CVE-2019-2422 are fixed in Azul Zulu JDK 7 (x64) 7.27Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2426,CVE-2019-2422 are fixed in Azul Zulu JDK 8 (MSI) 8.35Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2426,CVE-2019-2422 are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.35Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2426,CVE-2019-2422 are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.29Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-5503 are affected in Netapp Oncommand Workflow Automation 5.0Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 9.5Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.6Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2449 are affected in Java Runtime Environment 1.8 8.0.1920Windows
Vulnerabilities CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2449 are affected in Java Runtime Environment 1.8 (x64) 8.0.1920Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 5.0Windows
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.3.0-0ubuntu2.1_i386.debLinux
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.3.0-0ubuntu2.1_amd64.debLinux
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.4.2-0ubuntu3.1_i386.debLinux
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.4.2-0ubuntu3.1_amd64.debLinux
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.5.2-0ubuntu5.17.10.1_i386.debLinux
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.5.2-0ubuntu5.17.10.1_amd64.debLinux
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.5.2-0ubuntu5.18.04.1_i386.debLinux
library for handling JPEG files (USN-3706-1) libjpeg-turbo8_1.5.2-0ubuntu5.18.04.1_amd64.debLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-1.7.1_sr4.40-26.36.1.i586.rpmLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-1.7.1_sr4.40-26.36.1.x86_64.rpmLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-alsa-1.7.1_sr4.40-26.36.1.i586.rpmLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-alsa-1.7.1_sr4.40-26.36.1.x86_64.rpmLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-jdbc-1.7.1_sr4.40-26.36.1.i586.rpmLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-jdbc-1.7.1_sr4.40-26.36.1.x86_64.rpmLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-plugin-1.7.1_sr4.40-26.36.1.i586.rpmLinux
SUSE-SU-2019:13978-1(SUSE Linux Enterprise Server 11-SP4 ) java-1_7_1-ibm-plugin-1.7.1_sr4.40-26.36.1.x86_64.rpmLinux
SUSE-SU-2019:1219-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-1.8.0.212-27.32.1.x86_64.rpmLinux
SUSE-SU-2019:1219-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1.x86_64.rpmLinux
SUSE-SU-2019:1219-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1.x86_64.rpmLinux
SUSE-SU-2019:1219-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_8_0-openjdk-headless-1.8.0.212-27.32.1.x86_64.rpmLinux
SUSE-SU-2019:1219-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1.x86_64.rpmLinux
SUSE-SU-2019:1392-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-1.7.0.221-43.22.1.x86_64.rpmLinux
SUSE-SU-2019:1392-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1.x86_64.rpmLinux
SUSE-SU-2019:1392-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1.x86_64.rpmLinux
SUSE-SU-2019:1392-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-headless-1.7.0.221-43.22.1.x86_64.rpmLinux
SUSE-SU-2019:1392-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1.x86_64.rpmLinux
SUSE-SU-2019:2371-1(SUSE Linux Enterprise Server 12-SP4 ) java-1_8_0-ibm-1.8.0_sr5.40-30.54.1.x86_64.rpmLinux
SUSE-SU-2019:2371-1(SUSE Linux Enterprise Server 12-SP4 ) java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1.x86_64.rpmLinux
SUSE-SU-2019:2371-1(SUSE Linux Enterprise Server 12-SP4 ) java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1.x86_64.rpmLinux
(RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-1.8.0.5.30-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-demo-1.8.0.5.30-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-devel-1.8.0.5.30-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-jdbc-1.8.0.5.30-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-plugin-1.8.0.5.30-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0472) java-1.8.0-ibm security update java-1.8.0-ibm-src-1.8.0.5.30-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-1.7.1.4.40-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-demo-1.7.1.4.40-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-devel-1.7.1.4.40-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-jdbc-1.7.1.4.40-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-plugin-1.7.1.4.40-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:0473) java-1.7.1-ibm security update java-1.7.1-ibm-src-1.7.1.4.40-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update libjpeg-turbo-1.2.90-8.el7.i686.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update libjpeg-turbo-1.2.90-8.el7.x86_64.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update libjpeg-turbo-devel-1.2.90-8.el7.i686.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update libjpeg-turbo-static-1.2.90-8.el7.i686.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update turbojpeg-1.2.90-8.el7.i686.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update turbojpeg-1.2.90-8.el7.x86_64.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update turbojpeg-devel-1.2.90-8.el7.i686.rpmLinux
(RHSA-2019:2052) libjpeg-turbo security update turbojpeg-devel-1.2.90-8.el7.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-demo-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-devel-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-headless-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-jdbc-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-plugin-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-src-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(RHSA-2019:1238) java-1.8.0-ibm security update java-1.8.0-ibm-webstart-1.8.0.5.35-3.el8_0.x86_64.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update libjpeg-turbo-1.2.90-8.el7.i686.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update libjpeg-turbo-1.2.90-8.el7.x86_64.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update libjpeg-turbo-devel-1.2.90-8.el7.i686.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update libjpeg-turbo-static-1.2.90-8.el7.i686.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update turbojpeg-1.2.90-8.el7.i686.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update turbojpeg-1.2.90-8.el7.x86_64.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update turbojpeg-devel-1.2.90-8.el7.i686.rpmLinux
(CESA-2019:2052) libjpeg-turbo security update turbojpeg-devel-1.2.90-8.el7.x86_64.rpmLinux
SUSE-SU-2019:2371-1(SUSE Linux Enterprise Server 12-SP5) java-1_8_0-ibm-1.8.0_sr5.40-30.54.1.x86_64_12_SP5.rpmLinux
SUSE-SU-2019:2371-1(SUSE Linux Enterprise Server 12-SP5) java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1.x86_64_12_SP5.rpmLinux
SUSE-SU-2019:2371-1(SUSE Linux Enterprise Server 12-SP5) java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1.x86_64_12_SP5.rpmLinux
(RHSA-2019:2052)Moderate: security update libjpeg-turbo-debuginfo-1.2.90-8.el7.i686.rpmLinux
(RHSA-2019:2052)Moderate: security update libjpeg-turbo-debuginfo-1.2.90-8.el7.x86_64.rpmLinux
Libjpeg-turbo update (ELSA-2019-2052) libjpeg-turbo-1.2.90-8.el7.i686.rpmLinux
Libjpeg-turbo update (ELSA-2019-2052) libjpeg-turbo-1.2.90-8.el7.x86_64.rpmLinux
Libjpeg-turbo-devel update (ELSA-2019-2052) libjpeg-turbo-devel-1.2.90-8.el7.i686.rpmLinux
Libjpeg-turbo-devel update (ELSA-2019-2052) libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpmLinux
libjpeg-turbo Security Update (ALAS-2019-1350) libjpeg-turbo-static-1.2.90-6.amzn2.0.3.x86_64.rpmLinux
Divide By Zero Vulnerability (CVE-2018-11212)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-309099Java SE Development Kit 11.0.2 (64-bit)
PATCH-330243Java SE Development Kit 8 Update 371 (32-bit) (8.0.3710.11) (JDK)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-344728Azul Zulu JDK 8 (MSI) (8.84.0.15)
PATCH-344692Azul Zulu JDK 8 (MSI) (x64) (8.84.0.15)
PATCH-344691Azul Zulu JDK 11 (MSI) (x64) (11.78.15)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234