{"id":"CVE-2018-1152","details":"libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.","modified":"2026-04-16T06:16:10.636503677Z","published":"2018-06-18T14:29:00.323Z","related":["SUSE-SU-2018:1825-1","SUSE-SU-2019:0711-1","SUSE-SU-2019:1111-1","openSUSE-SU-2019:1118-1","openSUSE-SU-2024:10952-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104543"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3706-2/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3706-1/"},{"type":"ADVISORY","url":"https://www.tenable.com/security/research/tra-2018-17"},{"type":"FIX","url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libjpeg-turbo/libjpeg-turbo","events":[{"introduced":"0"},{"last_affected":"c80ddef7a4ce21ace9e3ca0fd190d320cc8cdaeb"},{"fixed":"43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5.90"}]}}],"versions":["0.0.90","0.0.91","0.0.93","1.0.0","1.0.1","1.0.90","1.1.90","1.2.90","1.3.90","1.4.90","1.5.0","1.5.90","jpeg-1","jpeg-2","jpeg-3","jpeg-4","jpeg-4a","jpeg-5","jpeg-5a","jpeg-5b","jpeg-6","jpeg-6a","jpeg-6b"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1152.json","vanir_signatures_modified":"2026-04-11T06:58:41Z","vanir_signatures":[{"source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["129780747376625381667775847119624228235","227068836745747627774619749071608887311","34225397560487323254076009200324745625","106117018631478627825106329696271503556"]},"signature_type":"Line","deprecated":false,"target":{"file":"rdbmp.c"},"id":"CVE-2018-1152-29506a03"},{"source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6","signature_version":"v1","signature_type":"Function","digest":{"length":5452,"function_hash":"184743128116255845782783724918916497301"},"deprecated":false,"target":{"file":"rdbmp.c","function":"start_input_bmp"},"id":"CVE-2018-1152-47a62e9f"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}