advisories/24565.adv

type: security
subject: Updated libjpeg packages fix security vulnerability
CVE:
 - CVE-2018-14498
src:
  6:
   core:
     - libjpeg-1.5.1-1.3.mga6
description: |
  get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through
  3.3.1 allows attackers to cause a denial of service (heap-based buffer
  over-read and application crash) via a crafted 8-bit BMP in which one or
  more of the color indices is out of range for the number of palette
  entries. (CVE-2018-14498)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24565
 - http://lists.suse.com/pipermail/sle-security-updates/2019-March/005227.html
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
ID: MGASA-2019-0132
1	davidwhodgins	8418	type: security
2			subject: Updated libjpeg packages fix security vulnerability
3			CVE:
4			- CVE-2018-14498
5			src:
6			6:
7			core:
8			- libjpeg-1.5.1-1.3.mga6
9			description: \|
10			get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through
11			3.3.1 allows attackers to cause a denial of service (heap-based buffer
12			over-read and application crash) via a crafted 8-bit BMP in which one or
13			more of the color indices is out of range for the number of palette
14			entries. (CVE-2018-14498)
15			references:
16			- https://bugs.mageia.org/show_bug.cgi?id=24565
17			- http://lists.suse.com/pipermail/sle-security-updates/2019-March/005227.html
18			- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F7YP4QUEYGHI4Q7GIAVFVKWQ7DJMBYLU/
19	tmb	8433	ID: MGASA-2019-0132