Mozilla - Mozjpeg CVE

Filtered by vendor Mozilla Subscribe

Filtered by product Mozjpeg

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-14498	5 Debian, Fedoraproject, Libjpeg-turbo and 2 more	5 Debian Linux, Fedora, Libjpeg-turbo and 2 more	2020-07-31	4.3 MEDIUM	6.5 MEDIUM
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

Vulnerabilities (CVE)