CVE-2018-14498
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-14498
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14498.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-14498
- Downstream
- Related
- Published
- 2019-03-07T23:29:00Z
- Modified
- 2025-10-18T10:51:49.488998Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
get8bitrow in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
- https://access.redhat.com/errata/RHSA-2019:2052
- https://access.redhat.com/errata/RHSA-2019:3705
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
- https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
- https://github.com/mozilla/mozjpeg/issues/299
- https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
- https://usn.ubuntu.com/4190-1/
Affected packages
Git / github.com/mozilla/mozjpeg
Git / github.com/mozilla/mozjpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libjpeg-turbo/libjpeg-turbo
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.90
0.0.91
0.0.93
1.*
1.0.0
1.0.1
1.0.90
1.1.0
1.1.1
1.1.90
1.2.0
1.2.1
1.2.90
1.3.0
1.3.1
1.3.90
1.4.0
1.4.1
1.4.2
1.4.90
1.5.0
1.5.1
1.5.2
1.5.3
1.5.90
Other
jpeg-1
jpeg-2
jpeg-3
jpeg-4
jpeg-4a
jpeg-5
jpeg-5a
jpeg-5b
jpeg-6
jpeg-6a
jpeg-6b
jpeg-6bx
jpeg-7
jpeg-8
jpeg-8a
jpeg-8b
jpeg-8c
jpeg-8d
jpeg-9
jpeg-9a
jpeg-9b
jpeg-ari
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"id": "CVE-2018-14498-1f50e2e7",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"function": "get_8bit_row",
"file": "rdbmp.c"
},
"digest": {
"function_hash": "57628237145917201070809028689698663481",
"length": 1801.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2018-14498-2983f6c1",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"file": "rdbmp.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129780747376625381667775847119624228235",
"328600578745973167556400485905618726976",
"170436885369060441149448052659487160923",
"117440962523410170857108027805025720393",
"31976223103563050684482363246367646573",
"300056999121453086585288838781880797672",
"225394901281595708980744754455453482337",
"205480306782708094090517710031626063668",
"35838988825856595526130268724398837925",
"210530536332015901362498335665631684423",
"280154164308718793257922505334616410144",
"65874605360759056741250530971195017940",
"173656375100962011717549215949312699316",
"146509309005061226042985356908931352163",
"269129494731401228814592157259077323940",
"101498173229517409756224590820600927379",
"97778602196456089108842131542423566095",
"44317727313169449603624525037779495377",
"115947554540060806411118423610295105326",
"83882701796407023467303891444133605120",
"128273784687960428804726503991789571844",
"75877921457526704196381315640667691030",
"142190866947194731285492720352609311325",
"102456799056926246047931133720169963975",
"128273784687960428804726503991789571844",
"75877921457526704196381315640667691030",
"133755758464384994347585571612304580123",
"270423075948143384548535391758075525186",
"65127662962938786388932411098076696971",
"310800698611811303680157673744065988969"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2018-14498-3227ede6",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"function": "start_input_bmp",
"file": "rdbmp.c"
},
"digest": {
"function_hash": "334674020903279258554649052858881713283",
"length": 5597.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2018-14498-3e49c460",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"function": "get_word_rgb_row",
"file": "rdppm.c"
},
"digest": {
"function_hash": "131962944760936245935740527563052180283",
"length": 926.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2018-14498-5e231f4c",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"function": "read_pbm_integer",
"file": "rdppm.c"
},
"digest": {
"function_hash": "283476359615301270041658333819234337277",
"length": 535.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2018-14498-b9db6276",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"file": "cderror.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"178591537180509382090973936807719468140",
"74349518865376776322195492749302674016",
"59261346440716280695570748548750245054",
"324524211780650694505505189927715663473",
"220072139633242222566321780574733896575",
"326584459579562439001989687463896659764",
"322522772737926519743618726849426243598",
"289996983958759398731289723120463445117",
"148309034405190271075320742742642763531",
"273678173811343076320434666359952235172"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2018-14498-bf5d16f9",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"function": "get_word_gray_row",
"file": "rdppm.c"
},
"digest": {
"function_hash": "103727246899443513708253591313056915447",
"length": 628.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2018-14498-fa7e0027",
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"signature_version": "v1",
"target": {
"file": "rdppm.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"231324369317310995202150982444405021602",
"97322255211350089845190211463521698747",
"159345671789277751261255044789720259367",
"20435950778292457301762546759254173221",
"104920465190101092907460319177071965263",
"237547477320708766852161039470051506692",
"288761321431152295633092240200739682582",
"288977527907952925832300625259167401475",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"236309143630896410383418698330561651602",
"89046228840064294020652135166409699236",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"177468550970662482367707305600988756598",
"285515278190137896547622516642734585658",
"277312511432121514880445334256442317583",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"177468550970662482367707305600988756598",
"285515278190137896547622516642734585658",
"277312511432121514880445334256442317583",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"236309143630896410383418698330561651602",
"89046228840064294020652135166409699236"
]
},
"deprecated": false
}
]