2 matches found
CVE-2018-14498
CVE-2018-14498 affects libjpeg-turbo (and MozJPEG) where get_8bit_row in rdbmp.c is vulnerable to a heap-based buffer over-read when processing a crafted 8-bit BMP, allowing denial of service. The issue exists in libjpeg-turbo up to version 1.5.90 and MozJPEG up to 3.3.1. Affected products: libjp...
CVE-2020-13790
CVE-2020-13790 affects libjpeg-turbo (2.0.4) and mozjpeg (4.0.0) with a heap-based buffer over-read in get_rgb_row() in rdppm.c triggered by a malformed PPM input file. Public advisories document this as a validated vulnerability with partial confidentiality and partial availability impact (NVD C...