CVE-2018-20846
Published: 26 June 2019
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
Notes
| Author | Note |
|---|---|
| ebarretto | Marking emscripten ignored as openjpeg2 code is only for test/example. |
| emitorino | Debian binary packages built with BUILD_MJ2:BOOL=OFF According to https://github.com/uclouvain/openjpeg/pull/1168#commitcomment-32961642 the patch https://github.com/uclouvain/openjpeg/commit/e1740e7ce79d0a1676db4da0f4189b64e85f52cb was reverted because it did not compile. Code is not present in upstream master anymore |
| mdeslaur | Ubuntu packages are built with BUILD_MJ2:BOOL=OFF, so the affected code isn't compiled |
| ccdm94 | according to the comments available in issue 1328 of openjpeg (https://github.com/uclouvain/openjpeg/issues/1328), this issue will not be fixed by upstream, as the vulnerable components were simply removed from the code in pull request #1350. For this reason, xenial and trusty cannot be patched for this issue in package openjpeg. There was a patch available, which was commit c277159986c, however, it did not compile, and therefore was reverted by upstream. No new fixes for this issue were made available, the solution apparently being the removal of the code that contains the vulnerability. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
blender Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| upstream |
Needs triage
|
|
| trusty |
Does not exist
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| groovy |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| impish |
Ignored
(end of life)
|
|
| lunar |
Needs triage
|
|
|
emscripten Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| cosmic |
Ignored
|
|
| disco |
Ignored
|
|
| eoan |
Ignored
|
|
| focal |
Does not exist
|
|
| impish |
Ignored
|
|
| groovy |
Does not exist
|
|
| jammy |
Ignored
|
|
| kinetic |
Ignored
|
|
| hirsute |
Ignored
|
|
| lunar |
Ignored
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
| groovy |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| xenial |
Needs triage
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
| groovy |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
texmaker Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
| groovy |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
gdcm Launchpad, Ubuntu, Debian |
groovy |
Not vulnerable
(uses system openjpeg)
|
| jammy |
Not vulnerable
(uses system openjpeg)
|
|
| kinetic |
Not vulnerable
(uses system openjpeg)
|
|
| bionic |
Not vulnerable
(uses system openjpeg)
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
(uses system openjpeg)
|
|
| eoan |
Not vulnerable
(uses system openjpeg)
|
|
| focal |
Not vulnerable
(uses system openjpeg)
|
|
| hirsute |
Not vulnerable
(uses system openjpeg)
|
|
| impish |
Not vulnerable
(uses system openjpeg)
|
|
| lunar |
Not vulnerable
(uses system openjpeg)
|
|
| trusty |
Not vulnerable
(uses system openjpeg)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system openjpeg)
|
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not built)
|
| focal |
Not vulnerable
(code not built)
|
|
| groovy |
Not vulnerable
(code not built)
|
|
| xenial |
Not vulnerable
(code not built)
|
|
| kinetic |
Not vulnerable
(code not built)
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| hirsute |
Not vulnerable
(code not built)
|
|
| impish |
Not vulnerable
(code not built)
|
|
| jammy |
Not vulnerable
(code not built)
|
|
| lunar |
Not vulnerable
(code not built)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needed
|
|
|
openjpeg Launchpad, Ubuntu, Debian |
trusty |
Ignored
(upstream will not patch)
|
| kinetic |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Does not exist
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needed
|
|
| xenial |
Not vulnerable
(code not built)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |