CVE-2018-14498
libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
get_8bit_row en rdbmp.c en libjpeg-turbo, hasta la versión 1.5.90, y MozJPEG, hasta la versión 3.3.1, permite a los atacantes provocar una denegación de servicio (sobrelectura de búfer basada en memoria dinámica [heap]) mediante un BMP de 8-bit manipulado en el que uno o más de los índices de color está fuera de rango en para el número de entradas de paleta.
It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. It was discovered that libjpeg-turbo was not properly performing bounds check operations, which could lead to a heap-based buffer overread. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-21 CVE Reserved
- 2019-03-07 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258 | 2024-08-05 | |
| https://github.com/mozilla/mozjpeg/issues/299 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libjpeg-turbo Search vendor "Libjpeg-turbo" | Libjpeg-turbo Search vendor "Libjpeg-turbo" for product "Libjpeg-turbo" | <= 1.5.90 Search vendor "Libjpeg-turbo" for product "Libjpeg-turbo" and version " <= 1.5.90" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Mozjpeg Search vendor "Mozilla" for product "Mozjpeg" | <= 3.3.1 Search vendor "Mozilla" for product "Mozjpeg" and version " <= 3.3.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 28 Search vendor "Fedoraproject" for product "Fedora" and version "28" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||