get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | libjpeg-turbo | 2019-09-13 22:58 | ALAS-2019-1286 |
Amazon Linux 2 - Core | libjpeg-turbo | 2019-11-04 22:23 | ALAS2-2019-1350 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 4.4 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L |
NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
NVD | CVSSv3 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |