Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Vulnerable Source Files (2)
/samples/jpeglib/rdtarga.c
/samples/jpeglib/rdtarga.c
Vulnerabilities
| CVE |
Severity |
 CVSS |
Dependency |
Type |
Fixed in (boincclient_release/7.0/7.0.3 version) |
Remediation Possible** |
| CVE-2013-2018 |
 Critical |
9.2 |
detected in multiple dependencies |
Direct |
client_release/7.1/7.1.1 |
❌ |
| CVE-2020-14152 |
 Medium |
6.9 |
boincclient_release/7.0/7.0.3 |
Direct |
jpeg-9d |
❌ |
| CVE-2018-11813 |
Medium |
6.9 |
boincclient_release/7.0/7.0.3 |
Direct |
2.0.0 |
❌ |
| CVE-2013-7386 |
Medium |
6.9 |
boincclient_release/7.0/7.0.3 |
Direct |
client_release/7.1/7.1.1 |
❌ |
| CVE-2013-6630 |
Medium |
6.9 |
boincclient_release/7.0/7.0.3 |
Direct |
1.3.1 |
❌ |
| CVE-2013-6629 |
Medium |
6.9 |
boincclient_release/7.0/7.0.3 |
Direct |
1.3.90 |
❌ |
| CVE-2018-14498 |
Medium |
6.3 |
boincclient_release/7.0/7.0.3 |
Direct |
2.0.0 |
❌ |
| CVE-2017-15232 |
Medium |
6.3 |
detected in multiple dependencies |
Direct |
1.5.3 |
❌ |
| CVE-2012-2806 |
Medium |
6.3 |
boincclient_release/7.0/7.0.3 |
Direct |
All libjpeg-turbo users should upgrade to the latest version >= libjpeg-turbo-1.2.1 |
|
| ❌ |
|
|
|
|
|
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2013-2018
Vulnerable Libraries - boincclient_release/7.0/7.0.3, boincclient_release/7.0/7.0.3
Vulnerability Details
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Publish Date: 2020-02-19
URL: CVE-2013-2018
CVSS 4 Score Details (9.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2020-02-20
Fix Resolution: client_release/7.1/7.1.1
CVE-2020-14152
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
/samples/jpeglib/jmemnobs.c
Vulnerability Details
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
Publish Date: 2020-06-15
URL: CVE-2020-14152
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: N/A
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152
Release Date: 2020-07-31
Fix Resolution: jpeg-9d
CVE-2018-11813
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (2)
/samples/jpeglib/rdtarga.c
/samples/jpeglib/rdtarga.c
Vulnerability Details
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
Publish Date: 2018-06-06
URL: CVE-2018-11813
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2018-06-06
Fix Resolution: 2.0.0
CVE-2013-7386
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
/client/cs_account.cpp
Vulnerability Details
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
Publish Date: 2014-06-02
URL: CVE-2013-7386
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7386
Release Date: 2014-06-02
Fix Resolution: client_release/7.1/7.1.1
CVE-2013-6630
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
/samples/jpeglib/jdmarker.c
Vulnerability Details
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Publish Date: 2013-11-19
URL: CVE-2013-6630
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2013-11-19
Fix Resolution: 1.3.1
CVE-2013-6629
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
/samples/jpeglib/jdmarker.c
Vulnerability Details
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Publish Date: 2013-11-19
URL: CVE-2013-6629
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
Release Date: 2013-11-19
Fix Resolution: 1.3.90
CVE-2018-14498
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
/samples/jpeglib/rdbmp.c
Vulnerability Details
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
Publish Date: 2019-03-07
URL: CVE-2018-14498
CVSS 4 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498
Release Date: 2019-03-07
Fix Resolution: 2.0.0
CVE-2017-15232
Vulnerable Libraries - boincclient_release/7.0/7.0.3, boincclient_release/7.0/7.0.3
Vulnerability Details
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
Publish Date: 2017-10-11
URL: CVE-2017-15232
CVSS 4 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232
Release Date: 2017-10-11
Fix Resolution: 1.5.3
CVE-2012-2806
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
/samples/jpeglib/jdmarker.c
Vulnerability Details
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
Publish Date: 2012-08-13
URL: CVE-2012-2806
CVSS 4 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201209-13.xml
Release Date: 2012-09-26
Fix Resolution: All libjpeg-turbo users should upgrade to the latest version >= libjpeg-turbo-1.2.1
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Libraries - boincclient_release/7.0/7.0.3, boincclient_release/7.0/7.0.3
Vulnerability Details
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Publish Date: 2020-02-19
URL: CVE-2013-2018
CVSS 4 Score Details (9.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2020-02-20
Fix Resolution: client_release/7.1/7.1.1
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
Publish Date: 2020-06-15
URL: CVE-2020-14152
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: N/A
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14152
Release Date: 2020-07-31
Fix Resolution: jpeg-9d
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (2)
Vulnerability Details
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
Publish Date: 2018-06-06
URL: CVE-2018-11813
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2018-06-06
Fix Resolution: 2.0.0
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
Publish Date: 2014-06-02
URL: CVE-2013-7386
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7386
Release Date: 2014-06-02
Fix Resolution: client_release/7.1/7.1.1
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Publish Date: 2013-11-19
URL: CVE-2013-6630
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2013-11-19
Fix Resolution: 1.3.1
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Publish Date: 2013-11-19
URL: CVE-2013-6629
CVSS 4 Score Details (6.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
Release Date: 2013-11-19
Fix Resolution: 1.3.90
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
Publish Date: 2019-03-07
URL: CVE-2018-14498
CVSS 4 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14498
Release Date: 2019-03-07
Fix Resolution: 2.0.0
Vulnerable Libraries - boincclient_release/7.0/7.0.3, boincclient_release/7.0/7.0.3
Vulnerability Details
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
Publish Date: 2017-10-11
URL: CVE-2017-15232
CVSS 4 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232
Release Date: 2017-10-11
Fix Resolution: 1.5.3
Vulnerable Library - boincclient_release/7.0/7.0.3
Open-source software for volunteer computing and grid computing.
Library home page: https://github.com/BOINC/boinc.git
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
Publish Date: 2012-08-13
URL: CVE-2012-2806
CVSS 4 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201209-13.xml
Release Date: 2012-09-26
Fix Resolution: All libjpeg-turbo users should upgrade to the latest version >= libjpeg-turbo-1.2.1