CVE-2018-20330

Name
CVE-2018-20330
Description
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304
UBUNTU https://usn.ubuntu.com/4190-1/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.1:*:*:*:*:*:*:* libjpeg-turbo == None == 2.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status