View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-19664 severity low: SUSE including 43 source package names (jpeg, libjpeg, …), 139 product×package rows across 33 product lines (SLES for SAP Applications 11 SP3, SUSE Linux Enterprise Desktop 12 SP3, … (33 product lines)): Known Not Affected 94, Fixed 45.
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg.