{"id":"USN-5336-1","summary":"libjpeg9 vulnerabilities","details":"Aladdin Mubaied discovered that the cjpeg utility in libjpeg9 did not properly\nvalidate the input image's size. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2016-3616)\n\nIt was discovered that the cjpeg utility in libjpeg9 incorrectly handled\ncertain input. An attacker could possibly use these issues to cause a denial of\nservice. (CVE-2018-11212, CVE-2018-11813, CVE-2020-14152, CVE-2020-14153)\n\nIt was discovered that the cjpeg utility in libjpeg9 incorrectly handled\nmemory when supplied with certain input. An attacker could possibly use these\nissues to cause a denial of service or execute arbitrary code.\n(CVE-2018-11213, CVE-2018-11214)\n","modified":"2026-04-27T16:17:16.954915983Z","published":"2022-03-23T12:40:00Z","related":["UBUNTU-CVE-2016-3616","UBUNTU-CVE-2018-11212","UBUNTU-CVE-2018-11213","UBUNTU-CVE-2018-11214","UBUNTU-CVE-2018-11813","UBUNTU-CVE-2020-14152","UBUNTU-CVE-2020-14153"],"upstream":["CVE-2016-3616","CVE-2018-11212","CVE-2018-11213","CVE-2018-11214","CVE-2018-11813","CVE-2020-14152","CVE-2020-14153","UBUNTU-CVE-2016-3616","UBUNTU-CVE-2018-11212","UBUNTU-CVE-2018-11213","UBUNTU-CVE-2018-11214","UBUNTU-CVE-2018-11813","UBUNTU-CVE-2020-14152","UBUNTU-CVE-2020-14153"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5336-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-3616"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-11212"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-11213"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-11214"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-11813"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14152"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14153"}],"affected":[{"package":{"name":"libjpeg9","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libjpeg9@1:9b-1ubuntu1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9b-1ubuntu1+esm1"}]}],"versions":["1:9a-2ubuntu1","1:9b-1","1:9b-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libjpeg-progs","binary_version":"1:9b-1ubuntu1+esm1"},{"binary_version":"1:9b-1ubuntu1+esm1","binary_name":"libjpeg9"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-3616"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2018-11212"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2018-11213"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2018-11214"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2018-11813"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-14152"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-14153"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5336-1.json"}}],"schema_version":"1.7.5"}