Bug 1579973 (CVE-2018-11212)

Summary: CVE-2018-11212 libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abergmann, bkearney, erik-fedora, java-qa, klember, meissner, negativo17, nforro, phracek, rjones, tlestach, vonsch, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:23:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1579974, 1579975, 1579976, 1579977, 1579982, 1586062, 1685111, 1685112, 1685113, 1685114, 1685115, 1685116, 1685117, 1689835, 1694579    
Bug Blocks: 1579984    

Description Laura Pardo 2018-05-18 21:01:20 UTC 
An issue was discovered in libjpeg version 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.


References:
https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a
Comment 1 Laura Pardo 2018-05-18 21:01:57 UTC 
Created libjpeg-turbo tracking bugs for this issue:

Affects: fedora-all [bug 1579976]


Created mingw-libjpeg-turbo tracking bugs for this issue:

Affects: epel-7 [bug 1579974]
Affects: fedora-all [bug 1579977]
Comment 4 Riccardo Schirone 2018-06-05 12:08:30 UTC 
Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0
Comment 6 errata-xmlrpc 2019-03-06 21:52:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0469
Comment 7 errata-xmlrpc 2019-03-07 15:58:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0472
Comment 8 errata-xmlrpc 2019-03-07 15:58:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2019:0473 https://access.redhat.com/errata/RHSA-2019:0473
Comment 9 errata-xmlrpc 2019-03-07 15:59:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2019:0474 https://access.redhat.com/errata/RHSA-2019:0474
Comment 10 errata-xmlrpc 2019-03-25 18:25:32 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 5.8

Via RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:0640
Comment 11 errata-xmlrpc 2019-05-16 13:25:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1238
Comment 12 errata-xmlrpc 2019-08-06 12:08:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2052 https://access.redhat.com/errata/RHSA-2019:2052