CVE-2018-11813

HIGH

libjpeg 9c - Buffer Overflow

Title source: llm

Description

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

References (7)

[Third Party Advisory] https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c

[Mailing List, Third Party Advisory] https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf

View Writeup ZIP pw:eip

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:2052

[Issue Tracking] https://bugs.gentoo.org/727908

[Various Sources] http://www.ijg.org/files/jpegsrc.v9d.tar.gz

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 51.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (1)

ijg/libjpeg 9c

Published Jun 06, 2018

Tracked Since Feb 18, 2026