CVE-2018-14498

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
libjpeg-turbolibjpeg-turbo
𝑥
≤ 1.5.90
mozillamozjpeg
𝑥
≤ 3.3.1
debiandebian_linux
8.0
opensuseleap
15.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libjpeg-turbo
bookworm
1:2.1.5-2
fixed
bullseye
1:2.0.6-4
fixed
sid
1:2.1.5-3
fixed
trixie
1:2.1.5-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libjpeg-turbo
bionic
Fixed 1.5.2-0ubuntu5.18.04.3
released
cosmic
ignored
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
trusty
Fixed 1.3.0-0ubuntu2.1+esm2
released
xenial
Fixed 1.4.2-0ubuntu3.3
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libjpeg-turbo
suse enterprise sap 12 SP3
1.5.3-31.14.2
fixed
suse enterprise sap 12 SP4
1.5.3-31.14.2
fixed
suse enterprise sap 12 SP5
1.5.3-31.14.2
fixed
suse enterprise server 12 SP3
1.5.3-31.14.2
fixed
suse enterprise server 12 SP4
1.5.3-31.14.2
fixed
suse enterprise server 12 SP5
1.5.3-31.14.2
fixed
libjpeg62
suse enterprise desktop 15
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP1
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP2
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP3
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise desktop 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise sap 12 SP3
62.2.0-31.14.2
fixed
suse enterprise sap 12 SP4
62.2.0-31.14.2
fixed
suse enterprise sap 15
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP1
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP2
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP3
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise sap 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise server 12 SP3
62.2.0-31.14.2
fixed
suse enterprise server 12 SP4
62.2.0-31.14.2
fixed
suse enterprise server 15
62.2.0-5.7.1
fixed
suse enterprise server 15 SP1
62.2.0-5.7.1
fixed
suse enterprise server 15 SP2
62.2.0-5.7.1
fixed
suse enterprise server 15 SP3
62.2.0-5.7.1
fixed
suse enterprise server 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise server 15 SP7
62.3.0-150600.22.3
fixed
libjpeg62-32bit
suse enterprise sap 12 SP3
62.2.0-31.14.2
fixed
suse enterprise sap 12 SP4
62.2.0-31.14.2
fixed
suse enterprise server 12 SP3
62.2.0-31.14.2
fixed
suse enterprise server 12 SP4
62.2.0-31.14.2
fixed
libjpeg62-devel
suse enterprise desktop 15
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP1
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP2
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP3
62.2.0-5.7.1
fixed
suse enterprise desktop 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise desktop 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise desktop 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise sap 15
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP1
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP2
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP3
62.2.0-5.7.1
fixed
suse enterprise sap 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise sap 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise sap 15 SP7
62.3.0-150600.22.3
fixed
suse enterprise server 15
62.2.0-5.7.1
fixed
suse enterprise server 15 SP1
62.2.0-5.7.1
fixed
suse enterprise server 15 SP2
62.2.0-5.7.1
fixed
suse enterprise server 15 SP3
62.2.0-5.7.1
fixed
suse enterprise server 15 SP4
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP5
62.3.0-150400.15.7
fixed
suse enterprise server 15 SP6
62.3.0-150600.22.3
fixed
suse enterprise server 15 SP7
62.3.0-150600.22.3
fixed
libjpeg62-turbo
suse enterprise sap 12 SP3
1.5.3-31.14.2
fixed
suse enterprise sap 12 SP4
1.5.3-31.14.2
fixed
suse enterprise server 12 SP3
1.5.3-31.14.2
fixed
suse enterprise server 12 SP4
1.5.3-31.14.2
fixed
libjpeg8
suse enterprise desktop 15
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP1
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP2
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP3
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 12 SP3
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP4
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP5
8.1.2-31.14.2
fixed
suse enterprise sap 15
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP1
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP2
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP3
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 12 SP3
8.1.2-31.14.2
fixed
suse enterprise server 12 SP4
8.1.2-31.14.2
fixed
suse enterprise server 12 SP5
8.1.2-31.14.2
fixed
suse enterprise server 15
8.1.2-5.7.1
fixed
suse enterprise server 15 SP1
8.1.2-5.7.1
fixed
suse enterprise server 15 SP2
8.1.2-5.7.1
fixed
suse enterprise server 15 SP3
8.1.2-5.7.1
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
libjpeg8-32bit
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 12 SP3
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP4
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP5
8.1.2-31.14.2
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 12 SP3
8.1.2-31.14.2
fixed
suse enterprise server 12 SP4
8.1.2-31.14.2
fixed
suse enterprise server 12 SP5
8.1.2-31.14.2
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
libjpeg8-devel
suse enterprise desktop 15
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP1
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP2
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP3
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 15
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP1
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP2
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP3
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 15
8.1.2-5.7.1
fixed
suse enterprise server 15 SP1
8.1.2-5.7.1
fixed
suse enterprise server 15 SP2
8.1.2-5.7.1
fixed
suse enterprise server 15 SP3
8.1.2-5.7.1
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
libturbojpeg0
suse enterprise desktop 15
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP1
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP2
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP3
8.1.2-5.7.1
fixed
suse enterprise desktop 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise desktop 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise desktop 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise sap 12 SP3
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP4
8.1.2-31.14.2
fixed
suse enterprise sap 12 SP5
8.1.2-31.14.2
fixed
suse enterprise sap 15
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP1
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP2
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP3
8.1.2-5.7.1
fixed
suse enterprise sap 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise sap 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise sap 15 SP7
8.2.2-150600.22.5
fixed
suse enterprise server 12 SP3
8.1.2-31.14.2
fixed
suse enterprise server 12 SP4
8.1.2-31.14.2
fixed
suse enterprise server 12 SP5
8.1.2-31.14.2
fixed
suse enterprise server 15
8.1.2-5.7.1
fixed
suse enterprise server 15 SP1
8.1.2-5.7.1
fixed
suse enterprise server 15 SP2
8.1.2-5.7.1
fixed
suse enterprise server 15 SP3
8.1.2-5.7.1
fixed
suse enterprise server 15 SP4
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP5
8.2.2-150400.15.9
fixed
suse enterprise server 15 SP6
8.2.2-150600.22.5
fixed
suse enterprise server 15 SP7
8.2.2-150600.22.5
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libjpeg-turbo
RHEL 7
0:1.2.90-8.el7
fixed
RHEL 8
0:1.5.3-10.el8
fixed
libjpeg-turbo-devel
RHEL 7
0:1.2.90-8.el7
fixed
RHEL 8
0:1.5.3-10.el8
fixed
libjpeg-turbo-static
RHEL 7
0:1.2.90-8.el7
fixed
libjpeg-turbo-utils
RHEL 7
0:1.2.90-8.el7
fixed
RHEL 8
0:1.5.3-10.el8
fixed
turbojpeg
RHEL 7
0:1.2.90-8.el7
fixed
RHEL 8
0:1.5.3-10.el8
fixed
turbojpeg-devel
RHEL 7
0:1.2.90-8.el7
fixed
RHEL 8
0:1.5.3-10.el8
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
https://access.redhat.com/errata/RHSA-2019:2052
https://access.redhat.com/errata/RHSA-2019:3705
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://github.com/mozilla/mozjpeg/issues/299
https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
https://usn.ubuntu.com/4190-1/
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html
https://access.redhat.com/errata/RHSA-2019:2052
https://access.redhat.com/errata/RHSA-2019:3705
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://github.com/mozilla/mozjpeg/issues/299
https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
https://usn.ubuntu.com/4190-1/