libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. References: https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c
Created libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 1588804]
Created mingw-libjpeg-turbo tracking bugs for this issue: Affects: epel-7 [bug 1588806] Affects: fedora-all [bug 1588808]
Patch (libjpeg-turbo): https://github.com/libjpeg-turbo/libjpeg-turbo/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499 The following section in the upstream changelog entry is noteworthy: "[...] Because this issue only affected cjpeg and not the underlying library, and because it did not involve any out-of-bounds reads or other exploitable behaviors, it was not believed to represent a security threat."
Statement: This issue affects the versions of libjpeg as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the versions of libjpeg-turbe as shipped with Red Hat Enterprise Linux 6 and 7. However, the problem is limited to the "cjpeg" utility and does not affect the library itself.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2052 https://access.redhat.com/errata/RHSA-2019:2052
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-11813
*** Bug 1849031 has been marked as a duplicate of this bug. ***