libjpeg-turbo get_8bit_row Heap-Based Buffer Over-Read Denial of Service Vulnerability
A vulnerability in the get_8bit_row function of libjpeg-turbo could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the get_8bit_row function, as defined in the rdbmp.c source code file of the affected software, and is due to improper processing of 8-bit .bmp files in which one or more of the color indices is out of range for the number of palette entries. An attacker could exploit this vulnerability by persuading a user to access an 8-bit .bmp file that submits malicious input to the targeted system. A successful exploit could trigger a heap-based buffer over-read condition that causes the affected software to crash, resulting in a DoS condition.
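The defensive check the description implies, as an added illustration (not libjpeg-turbo's own rdbmp.c code): a palette lookup for an 8-bit row that rejects any colour index at or beyond the number of palette entries instead of reading past the end of the colormap. The structure, function names and sample palette below are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a BMP reader's palette state (not the project's
 * own structures): cmap_length RGB entries, possibly far fewer than 256. */
typedef struct {
    const uint8_t (*colormap)[3];   /* colormap[i][0..2] = R, G, B */
    unsigned cmap_length;           /* number of valid palette entries */
} bmp_palette;

/* Expand one row of 8-bit palette indices into packed RGB.
 * Returns the number of pixels written, or -1 if any index is outside the
 * palette. Without this check a 16-entry palette and an index of 0xFF would
 * read well past the end of the colormap allocation (the over-read in the
 * advisory); with it, the malformed file is rejected and the process lives. */
int convert_8bit_row(const bmp_palette *pal, const uint8_t *indices,
                     size_t width, uint8_t *rgb_out)
{
    for (size_t i = 0; i < width; i++) {
        unsigned idx = indices[i];
        if (idx >= pal->cmap_length)
            return -1;                 /* reject instead of over-reading */
        rgb_out[3 * i + 0] = pal->colormap[idx][0];
        rgb_out[3 * i + 1] = pal->colormap[idx][1];
        rgb_out[3 * i + 2] = pal->colormap[idx][2];
    }
    return (int)width;
}

/* Constructed sample data: a 4-entry palette, one well-formed row and one
 * row carrying an index (200) that no 4-entry palette can satisfy. */
static const uint8_t sample_palette[4][3] = {
    {0, 0, 0}, {255, 0, 0}, {0, 255, 0}, {0, 0, 255}
};
static uint8_t last_out[12];

int demo_valid_row(void)
{
    bmp_palette pal = { sample_palette, 4 };
    static const uint8_t row[4] = { 0, 1, 2, 3 };
    return convert_8bit_row(&pal, row, 4, last_out);
}

int demo_bad_row(void)
{
    bmp_palette pal = { sample_palette, 4 };
    static const uint8_t row[4] = { 0, 1, 200, 3 };  /* 200 >= cmap_length */
    return convert_8bit_row(&pal, row, 4, last_out);
}

int last_out_byte(size_t k) { return k < sizeof last_out ? last_out[k] : -1; }
```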

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

libjpeg-turbo has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-14498

Source: Cisco Multivendor Vulnerability Alerts