{"id":"USN-5336-1","summary":"libjpeg9 vulnerabilities","details":"Aladdin Mubaied discovered that the cjpeg utility in libjpeg9 did not properly\nvalidate the input image's size. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2016-3616)\n\nIt was discovered that the cjpeg utility in libjpeg9 incorrectly handled\ncertain input. An attacker could possibly use these issues to cause a denial of\nservice. (CVE-2018-11212, CVE-2018-11813, CVE-2020-14152, CVE-2020-14153)\n\nIt was discovered that the cjpeg utility in libjpeg9 incorrectly handled\nmemory when supplied with certain input. An attacker could possibly use these\nissues to cause a denial of service or execute arbitrary code.\n(CVE-2018-11213, CVE-2018-11214)\n","modified":"2026-04-24T09:32:40.263543260Z","published":"2022-03-23T12:40:00Z","related":["UBUNTU-CVE-2016-3616","UBUNTU-CVE-2018-11212","UBUNTU-CVE-2018-11213","UBUNTU-CVE-2018-11214","UBUNTU-CVE-2018-11813","UBUNTU-CVE-2020-14152","UBUNTU-CVE-2020-14153"],"upstream":["CVE-2016-3616","UBUNTU-CVE-2016-3616"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5336-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-3616"}],"affected":[{"package":{"name":"libjpeg9","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libjpeg9@1:9b-1ubuntu1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9b-1ubuntu1+esm1"}]}],"versions":["1:9a-2ubuntu1","1:9b-1","1:9b-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libjpeg-progs","binary_version":"1:9b-1ubuntu1+esm1"},{"binary_name":"libjpeg9","binary_version":"1:9b-1ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5336-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2016-3616"}]}}}],"schema_version":"1.7.5"}