CVE-2018-20847
Published: 26 June 2019
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
From the Ubuntu Security Team
It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code.
Notes
| Author | Note |
|---|---|
| ebarretto | Marking emscripten ignored as openjpeg2 code is only for test/example. |
| ccdm94 | it seems like commit c58df149900 (for version 2.3.1) is very similar to commit 2d24b6000d (for version 2.1.1). This second commit is also the fix for CVE-2015-1239, which means these issues are both solved by, very similar commits, however, the changes seem to be applied to |
| cccdm94 | different functions in each commit. |
| eslerm | 5d00b719 (2015-01-15), 2d24b60 (2015-02-02), and c58df14 (2018-11-28) |
| elserm | The latter regressed CVE-2018-20846, see PR 1168 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
texmaker Launchpad, Ubuntu, Debian |
groovy |
Ignored
(end of life)
|
| hirsute |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| lunar |
Needs triage
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
blender Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| upstream |
Needs triage
|
|
| trusty |
Does not exist
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| lunar |
Needs triage
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| lunar |
Needs triage
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| lunar |
Needs triage
|
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
|
| jammy |
Not vulnerable
|
|
| upstream |
Released
(2.3.1, 2.1.0-2+deb8u7)
|
|
| kinetic |
Not vulnerable
|
|
| lunar |
Not vulnerable
|
|
| bionic |
Not vulnerable
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
|
|
| eoan |
Not vulnerable
|
|
| focal |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| trusty |
Does not exist
|
|
| xenial |
Released
(2.1.2-1.1+deb9u5build0.16.04.1)
|
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845 |
||
|
gdcm Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(uses system openjpeg)
|
| jammy |
Not vulnerable
(uses system openjpeg)
|
|
| kinetic |
Not vulnerable
(uses system openjpeg)
|
|
| lunar |
Not vulnerable
(uses system openjpeg)
|
|
| bionic |
Not vulnerable
(uses system openjpeg)
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
(uses system openjpeg)
|
|
| eoan |
Not vulnerable
(uses system openjpeg)
|
|
| focal |
Not vulnerable
(uses system openjpeg)
|
|
| groovy |
Not vulnerable
(uses system openjpeg)
|
|
| impish |
Not vulnerable
(uses system openjpeg)
|
|
| trusty |
Not vulnerable
(uses system openjpeg)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system openjpeg)
|
|
|
emscripten Launchpad, Ubuntu, Debian |
hirsute |
Ignored
|
| jammy |
Ignored
|
|
| bionic |
Ignored
|
|
| cosmic |
Ignored
|
|
| disco |
Ignored
|
|
| kinetic |
Ignored
|
|
| lunar |
Ignored
|
|
| eoan |
Ignored
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Ignored
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
|
|
|
openjpeg Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| upstream |
Released
(2.3.1)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
|
Patches: upstream: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20847
- https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
- https://github.com/uclouvain/openjpeg/issues/431
- https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845
- https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html
- https://ubuntu.com/security/notices/USN-4497-1
- NVD
- Launchpad
- Debian