CVE-2018-20845

Published: 26 June 2019

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

From the Ubuntu security team

It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
blender
bionic Needs triage
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Ignored (reached end-of-life)
focal Needs triage
groovy Ignored (reached end-of-life)
hirsute Ignored (reached end-of-life)
impish Needs triage
jammy Needs triage
precise Does not exist
trusty Does not exist
upstream Needs triage
xenial Ignored (end of standard support, was needs-triage)
emscripten
bionic Ignored
cosmic Ignored
disco Ignored
eoan Ignored
focal Does not exist
groovy Does not exist
hirsute Ignored
impish Ignored
jammy Ignored
precise Does not exist
trusty Does not exist
upstream Needs triage
xenial Ignored
gdcm
bionic Not vulnerable (uses system openjpeg)
cosmic Ignored (reached end-of-life)
disco Not vulnerable (uses system openjpeg)
eoan Not vulnerable (uses system openjpeg)
focal Not vulnerable (uses system openjpeg)
groovy Not vulnerable (uses system openjpeg)
hirsute Not vulnerable (uses system openjpeg)
impish Not vulnerable (uses system openjpeg)
jammy Not vulnerable (uses system openjpeg)
precise Does not exist
trusty Not vulnerable (uses system openjpeg)
upstream Needs triage
xenial Not vulnerable (uses system openjpeg)
insighttoolkit4
bionic Needs triage
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Ignored (reached end-of-life)
focal Needs triage
groovy Ignored (reached end-of-life)
hirsute Ignored (reached end-of-life)
impish Needs triage
jammy Needs triage
precise Does not exist
trusty Does not exist
upstream Needs triage
xenial Ignored (end of standard support, was needs-triage)
openjpeg2
bionic Not vulnerable (code not compiled)
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Ignored (reached end-of-life)
focal Not vulnerable (2.3.1-1)
groovy Not vulnerable (2.3.1-1)
hirsute Not vulnerable (2.3.1-1)
impish Not vulnerable (2.3.1-1)
jammy Not vulnerable (2.3.1-1)
precise Does not exist
trusty Does not exist
upstream Released (2.3.1)
xenial Not vulnerable (code not compiled)
qtwebengine-opensource-src
bionic Needs triage
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Ignored (reached end-of-life)
focal Needs triage
groovy Ignored (reached end-of-life)
hirsute Ignored (reached end-of-life)
impish Needs triage
jammy Needs triage
precise Does not exist
trusty Does not exist
upstream Needs triage
xenial Does not exist
texmaker
bionic Needs triage
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Ignored (reached end-of-life)
focal Needs triage
groovy Ignored (reached end-of-life)
hirsute Ignored (reached end-of-life)
impish Needs triage
jammy Needs triage
precise Does not exist
trusty Does not exist
upstream Needs triage
xenial Ignored (end of standard support, was needs-triage)

Notes

Author Note
ebarretto: Marking emscripten ignored as openjpeg2 code is only for test/example.
mdeslaur: Ubuntu openjpeg2 packages are built with BUILD_MJ2:BOOL=OFF, so the vulnerable code is not compiled
