CVE-2018-14498

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-14498
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14498.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-14498
Published
2019-03-07T23:29:00Z
Modified
2025-10-18T10:51:49.488998Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

Affected packages

Git / github.com/mozilla/mozjpeg

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/mozjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/libjpeg-turbo/libjpeg-turbo

Affected ranges

Type
GIT
Repo
https://github.com/libjpeg-turbo/libjpeg-turbo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.0.90
0.0.91
0.0.93

1.*

1.0.0
1.0.1
1.0.90
1.1.0
1.1.1
1.1.90
1.2.0
1.2.1
1.2.90
1.3.0
1.3.1
1.3.90
1.4.0
1.4.1
1.4.2
1.4.90
1.5.0
1.5.1
1.5.2
1.5.3
1.5.90

Other

jpeg-1
jpeg-2
jpeg-3
jpeg-4
jpeg-4a
jpeg-5
jpeg-5a
jpeg-5b
jpeg-6
jpeg-6a
jpeg-6b
jpeg-6bx
jpeg-7
jpeg-8
jpeg-8a
jpeg-8b
jpeg-8c
jpeg-8d
jpeg-9
jpeg-9a
jpeg-9b
jpeg-ari

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2018-14498-1f50e2e7",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "function": "get_8bit_row",
            "file": "rdbmp.c"
        },
        "digest": {
            "function_hash": "57628237145917201070809028689698663481",
            "length": 1801.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2018-14498-2983f6c1",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "file": "rdbmp.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2018-14498-3227ede6",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "function": "start_input_bmp",
            "file": "rdbmp.c"
        },
        "digest": {
            "function_hash": "334674020903279258554649052858881713283",
            "length": 5597.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2018-14498-3e49c460",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "function": "get_word_rgb_row",
            "file": "rdppm.c"
        },
        "digest": {
            "function_hash": "131962944760936245935740527563052180283",
            "length": 926.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2018-14498-5e231f4c",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "function": "read_pbm_integer",
            "file": "rdppm.c"
        },
        "digest": {
            "function_hash": "283476359615301270041658333819234337277",
            "length": 535.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2018-14498-b9db6276",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "file": "cderror.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2018-14498-bf5d16f9",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "function": "get_word_gray_row",
            "file": "rdppm.c"
        },
        "digest": {
            "function_hash": "103727246899443513708253591313056915447",
            "length": 628.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2018-14498-fa7e0027",
        "source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
        "signature_version": "v1",
        "target": {
            "file": "rdppm.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false
    }
]