- Vulnerability/
- USN-4190-1
USN-4190-1: libjpeg-turbo vulnerabilities
First published: Wed Nov 13 2019(Updated: )
It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. (CVE-2018-19664) It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2018-20330) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly cause a denial of service or execute arbitrary code. (CVE-2019-2201)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libjpeg-turbo8 | <2.0.1-0ubuntu2.2 | 2.0.1-0ubuntu2.2 |
| Ubuntu Ubuntu | =19.04 | |
| All of | ||
| ubuntu/libjpeg-turbo8 | <1.5.2-0ubuntu5.18.04.3 | 1.5.2-0ubuntu5.18.04.3 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libjpeg-turbo8 | <1.4.2-0ubuntu3.3 | 1.4.2-0ubuntu3.3 |
| Ubuntu Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2018-14498
- https://ubuntu.com/security/CVE-2018-19664
- https://ubuntu.com/security/CVE-2018-20330
- https://ubuntu.com/security/CVE-2019-2201
- https://ubuntu.com/security/notices/USN-5553-1
- https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.1-0ubuntu2.2
- https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.5.2-0ubuntu5.18.04.3
- https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.4.2-0ubuntu3.3
- https://ubuntu.com/security/notices/USN-4190-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID of this advisory?
The vulnerability ID of this advisory is USN-4190-1.
What software is affected by this vulnerability?
The libjpeg-turbo8 package is affected by this vulnerability.
How can the vulnerability be exploited?
An attacker could exploit this vulnerability to expose sensitive information.
Which versions of Ubuntu are affected?
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS are affected.
How can I fix this vulnerability?
You can fix this vulnerability by updating the libjpeg-turbo8 package to version 2.0.1-0ubuntu2.2 (for Ubuntu 16.04 LTS), version 1.5.2-0ubuntu5.18.04.3 (for Ubuntu 18.04 LTS), or version 2.0.1-0ubuntu2.2 (for Ubuntu 19.04).
- agent/severity
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- agent/title
- agent/references
- collector/usn
- source/Ubuntu
- anchor-related/USN-5553-1
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04