get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
[
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-1f50e2e7",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "get_8bit_row",
"file": "rdbmp.c"
},
"digest": {
"function_hash": "57628237145917201070809028689698663481",
"length": 1801.0
}
},
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-2983f6c1",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "rdbmp.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"129780747376625381667775847119624228235",
"328600578745973167556400485905618726976",
"170436885369060441149448052659487160923",
"117440962523410170857108027805025720393",
"31976223103563050684482363246367646573",
"300056999121453086585288838781880797672",
"225394901281595708980744754455453482337",
"205480306782708094090517710031626063668",
"35838988825856595526130268724398837925",
"210530536332015901362498335665631684423",
"280154164308718793257922505334616410144",
"65874605360759056741250530971195017940",
"173656375100962011717549215949312699316",
"146509309005061226042985356908931352163",
"269129494731401228814592157259077323940",
"101498173229517409756224590820600927379",
"97778602196456089108842131542423566095",
"44317727313169449603624525037779495377",
"115947554540060806411118423610295105326",
"83882701796407023467303891444133605120",
"128273784687960428804726503991789571844",
"75877921457526704196381315640667691030",
"142190866947194731285492720352609311325",
"102456799056926246047931133720169963975",
"128273784687960428804726503991789571844",
"75877921457526704196381315640667691030",
"133755758464384994347585571612304580123",
"270423075948143384548535391758075525186",
"65127662962938786388932411098076696971",
"310800698611811303680157673744065988969"
]
}
},
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-3227ede6",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "start_input_bmp",
"file": "rdbmp.c"
},
"digest": {
"function_hash": "334674020903279258554649052858881713283",
"length": 5597.0
}
},
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-3e49c460",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "get_word_rgb_row",
"file": "rdppm.c"
},
"digest": {
"function_hash": "131962944760936245935740527563052180283",
"length": 926.0
}
},
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-5e231f4c",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "read_pbm_integer",
"file": "rdppm.c"
},
"digest": {
"function_hash": "283476359615301270041658333819234337277",
"length": 535.0
}
},
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-b9db6276",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "cderror.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"178591537180509382090973936807719468140",
"74349518865376776322195492749302674016",
"59261346440716280695570748548750245054",
"324524211780650694505505189927715663473",
"220072139633242222566321780574733896575",
"326584459579562439001989687463896659764",
"322522772737926519743618726849426243598",
"289996983958759398731289723120463445117",
"148309034405190271075320742742642763531",
"273678173811343076320434666359952235172"
]
}
},
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-bf5d16f9",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "get_word_gray_row",
"file": "rdppm.c"
},
"digest": {
"function_hash": "103727246899443513708253591313056915447",
"length": 628.0
}
},
{
"source": "https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55",
"id": "CVE-2018-14498-fa7e0027",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "rdppm.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"231324369317310995202150982444405021602",
"97322255211350089845190211463521698747",
"159345671789277751261255044789720259367",
"20435950778292457301762546759254173221",
"104920465190101092907460319177071965263",
"237547477320708766852161039470051506692",
"288761321431152295633092240200739682582",
"288977527907952925832300625259167401475",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"236309143630896410383418698330561651602",
"89046228840064294020652135166409699236",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"177468550970662482367707305600988756598",
"285515278190137896547622516642734585658",
"277312511432121514880445334256442317583",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"177468550970662482367707305600988756598",
"285515278190137896547622516642734585658",
"277312511432121514880445334256442317583",
"262482125011024512086500019913010637445",
"49342455958502237845931013184645159175",
"236309143630896410383418698330561651602",
"89046228840064294020652135166409699236"
]
}
}
]