CVE-2018-20847

Published: 26 June 2019

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

From the Ubuntu security team

It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
blender Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)
emscripten Launchpad, Ubuntu, Debian	bionic	Ignored
	cosmic	Ignored
	disco	Ignored
	eoan	Ignored
	focal	Does not exist
	groovy	Does not exist
	hirsute	Ignored
	impish	Ignored
	jammy	Ignored
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored
gdcm Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses system openjpeg)
	cosmic	Ignored (reached end-of-life)
	disco	Not vulnerable (uses system openjpeg)
	eoan	Not vulnerable (uses system openjpeg)
	focal	Not vulnerable (uses system openjpeg)
	groovy	Not vulnerable (uses system openjpeg)
	hirsute	Not vulnerable (uses system openjpeg)
	impish	Not vulnerable (uses system openjpeg)
	jammy	Not vulnerable (uses system openjpeg)
	precise	Does not exist
	trusty	Not vulnerable (uses system openjpeg)
	upstream	Needs triage
	xenial	Not vulnerable (uses system openjpeg)
insighttoolkit4 Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)
openjpeg2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	cosmic	Ignored (reached end-of-life)
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (2.1.0-2+deb8u7)
	xenial	Released (2.1.2-1.1+deb9u5build0.16.04.1)
qtwebengine-opensource-src Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
texmaker Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)

Notes

Author	Note
ebarretto	Marking emscripten ignored as openjpeg2 code is only for test/example.

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931294

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›