{"id":"CVE-2018-14498","details":"get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.","modified":"2026-04-16T04:39:33.733305378Z","published":"2019-03-07T23:29:00.487Z","related":["ALSA-2019:3705","SUSE-SU-2019:0711-1","SUSE-SU-2019:1111-1","openSUSE-SU-2019:1118-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/"},{"type":"WEB","url":"https://usn.ubuntu.com/4190-1/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00015.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00033.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2052"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3705"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00015.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00021.html"},{"type":"FIX","url":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55"},{"type":"EVIDENCE","url":"https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258"},{"type":"EVIDENCE","url":"https://github.com/mozilla/mozjpeg/issues/299"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libjpeg-turbo/libjpeg-turbo","events":[{"introduced":"0"},{"last_affected":"c80ddef7a4ce21ace9e3ca0fd190d320cc8cdaeb"},{"fixed":"9c78a04df4e44ef6487eee99c4258397f4fdca55"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5.90"}]}},{"type":"GIT","repo":"https://github.com/mozilla/mozjpeg","events":[{"introduced":"0"},{"last_affected":"f154ccc091cbc22141cdfd531e5ad1fdc5bc53c7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.1"}]}}],"versions":["0.0.90","0.0.91","0.0.93","1.0.0","1.0.1","1.0.90","1.1.90","1.2.90","1.3.90","1.4.90","1.5.0","1.5.90","jpeg-1","jpeg-2","jpeg-3","jpeg-4","jpeg-4a","jpeg-5","jpeg-5a","jpeg-5b","jpeg-6","jpeg-6a","jpeg-6b","v3.2","v3.2-pre","v3.3.1"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"57628237145917201070809028689698663481","length":1801},"deprecated":false,"signature_version":"v1","target":{"function":"get_8bit_row","file":"rdbmp.c"},"signature_type":"Function","source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","id":"CVE-2018-14498-1f50e2e7"},{"digest":{"line_hashes":["129780747376625381667775847119624228235","328600578745973167556400485905618726976","170436885369060441149448052659487160923","117440962523410170857108027805025720393","31976223103563050684482363246367646573","300056999121453086585288838781880797672","225394901281595708980744754455453482337","205480306782708094090517710031626063668","35838988825856595526130268724398837925","210530536332015901362498335665631684423","280154164308718793257922505334616410144","65874605360759056741250530971195017940","173656375100962011717549215949312699316","146509309005061226042985356908931352163","269129494731401228814592157259077323940","101498173229517409756224590820600927379","97778602196456089108842131542423566095","44317727313169449603624525037779495377","115947554540060806411118423610295105326","83882701796407023467303891444133605120","128273784687960428804726503991789571844","75877921457526704196381315640667691030","142190866947194731285492720352609311325","102456799056926246047931133720169963975","128273784687960428804726503991789571844","75877921457526704196381315640667691030","133755758464384994347585571612304580123","270423075948143384548535391758075525186","65127662962938786388932411098076696971","310800698611811303680157673744065988969"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","target":{"file":"rdbmp.c"},"id":"CVE-2018-14498-2983f6c1","source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","deprecated":false},{"digest":{"function_hash":"334674020903279258554649052858881713283","length":5597},"deprecated":false,"signature_version":"v1","target":{"function":"start_input_bmp","file":"rdbmp.c"},"id":"CVE-2018-14498-3227ede6","source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","signature_type":"Function"},{"digest":{"function_hash":"131962944760936245935740527563052180283","length":926},"signature_type":"Function","signature_version":"v1","target":{"function":"get_word_rgb_row","file":"rdppm.c"},"id":"CVE-2018-14498-3e49c460","source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","deprecated":false},{"digest":{"function_hash":"283476359615301270041658333819234337277","length":535},"signature_type":"Function","signature_version":"v1","target":{"function":"read_pbm_integer","file":"rdppm.c"},"id":"CVE-2018-14498-5e231f4c","source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","deprecated":false},{"digest":{"line_hashes":["178591537180509382090973936807719468140","74349518865376776322195492749302674016","59261346440716280695570748548750245054","324524211780650694505505189927715663473","220072139633242222566321780574733896575","326584459579562439001989687463896659764","322522772737926519743618726849426243598","289996983958759398731289723120463445117","148309034405190271075320742742642763531","273678173811343076320434666359952235172"],"threshold":0.9},"source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","signature_version":"v1","target":{"file":"cderror.h"},"id":"CVE-2018-14498-b9db6276","deprecated":false,"signature_type":"Line"},{"digest":{"function_hash":"103727246899443513708253591313056915447","length":628},"signature_type":"Function","signature_version":"v1","target":{"function":"get_word_gray_row","file":"rdppm.c"},"id":"CVE-2018-14498-bf5d16f9","deprecated":false,"source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55"},{"digest":{"line_hashes":["231324369317310995202150982444405021602","97322255211350089845190211463521698747","159345671789277751261255044789720259367","20435950778292457301762546759254173221","104920465190101092907460319177071965263","237547477320708766852161039470051506692","288761321431152295633092240200739682582","288977527907952925832300625259167401475","262482125011024512086500019913010637445","49342455958502237845931013184645159175","236309143630896410383418698330561651602","89046228840064294020652135166409699236","262482125011024512086500019913010637445","49342455958502237845931013184645159175","177468550970662482367707305600988756598","285515278190137896547622516642734585658","277312511432121514880445334256442317583","262482125011024512086500019913010637445","49342455958502237845931013184645159175","177468550970662482367707305600988756598","285515278190137896547622516642734585658","277312511432121514880445334256442317583","262482125011024512086500019913010637445","49342455958502237845931013184645159175","236309143630896410383418698330561651602","89046228840064294020652135166409699236"],"threshold":0.9},"source":"https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55","signature_version":"v1","target":{"file":"rdppm.c"},"id":"CVE-2018-14498-fa7e0027","deprecated":false,"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T12:27:29Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14498.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}