VMware Tanzu products update for libjpeg-turbo

1) NULL pointer dereference

EUVDB-ID: #VU24206

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-3616

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the cjpeg utility in libjpeg. A remote attacker can create a specially crafted image and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Tanzu Operations Manager: before 2.10.39

Tanzu Greenplum for Kubernetes: before 2.0.0

External links

http://tanzu.vmware.com/security/usn-5553-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

EUVDB-ID: #VU24199

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11813

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in read_pixel() function in rdtarga.c when processing EOF (end-of-line) characters. A remote attacker can use a specially crafted image to consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Tanzu Operations Manager: before 2.10.39

Tanzu Greenplum for Kubernetes: before 2.0.0

External links

http://tanzu.vmware.com/security/usn-5553-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU24203

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14498

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries within the get_8bit_row in rdbmp.c. A remote attacker can create a specially crafted file, pass it to the application, trigger out-of-bounds read error and crash the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Tanzu Operations Manager: before 2.10.39

Tanzu Greenplum for Kubernetes: before 2.0.0

External links

http://tanzu.vmware.com/security/usn-5553-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU29121

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14152

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or disclose sensitive information.

The vulnerability exists due to a boundary error in "jpeg_mem_available()" function in "jmemnobs.c" file in djpeg. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and gain access to sensitive information or cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Tanzu Operations Manager: before 2.10.39

Tanzu Greenplum for Kubernetes: before 2.0.0

External links

http://tanzu.vmware.com/security/usn-5553-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU54089

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-17541

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the in the "transform" component in Libjpeg-turb. A remote attacker can create a specially crafted JPEG image, pass it to the affected aplication, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Tanzu Operations Manager: before 2.10.39

Tanzu Greenplum for Kubernetes: before 2.0.0

External links

http://tanzu.vmware.com/security/usn-5553-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.