CVE-2018-14498

CVE Database · CVE-2018-14498

CVE-2018-14498

· N/AModified

CVSS v3.1

N/A

EPSS

3.10%

Published

Mar 7, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

Weaknesses (CWE)

CWE-125

Affected Products (5)

libjpeg-turbo · libjpeg-turbovulnerable

mozilla · mozjpegvulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

opensuse · leapvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html