CVE-2018-14498

NameCVE-2018-14498
Descriptionget_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1719-1
NVD severitymedium
Debian Bugs741487, 924678

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libjpeg-turbo (PTS)jessie1:1.3.1-12vulnerable
jessie (security)1:1.3.1-12+deb8u2fixed
stretch1:1.5.1-2vulnerable
bullseye, sid, buster1:1.5.2-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libjpeg-turbosource(unstable)(unfixed)low924678
libjpeg-turbosourcejessie1:1.3.1-12+deb8u2DLA-1719-1
mozjpegITP741487

Notes

[buster] - libjpeg-turbo <no-dsa> (Minor issue)
[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://github.com/mozilla/mozjpeg/issues/299

Search for package or bug name: Reporting problems