Your submission was sent successfully! Close

CVE-2018-20847

Published: 26 June 2019

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

From the Ubuntu security team

It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
blender
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
emscripten
Launchpad, Ubuntu, Debian
bionic Ignored

cosmic Ignored

disco Ignored

eoan Ignored

focal Does not exist

groovy Does not exist

hirsute Ignored

impish Ignored

jammy Ignored

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored

gdcm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system openjpeg)
cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(uses system openjpeg)
eoan Not vulnerable
(uses system openjpeg)
focal Not vulnerable
(uses system openjpeg)
groovy Not vulnerable
(uses system openjpeg)
hirsute Not vulnerable
(uses system openjpeg)
impish Not vulnerable
(uses system openjpeg)
jammy Not vulnerable
(uses system openjpeg)
precise Does not exist

trusty Not vulnerable
(uses system openjpeg)
upstream Needs triage

xenial Not vulnerable
(uses system openjpeg)
insighttoolkit4
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
openjpeg2
Launchpad, Ubuntu, Debian
bionic Not vulnerable

cosmic Ignored
(reached end-of-life)
disco Not vulnerable

eoan Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

precise Does not exist

trusty Does not exist

upstream
Released (2.1.0-2+deb8u7)
xenial
Released (2.1.2-1.1+deb9u5build0.16.04.1)
qtwebengine-opensource-src
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

texmaker
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)