CVE-2018-20847
Published: 26 June 2019
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
From the Ubuntu Security Team
It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code.
Notes
Author | Note |
---|---|
ebarretto | Marking emscripten ignored as openjpeg2 code is only for test/example. |
ccdm94 | It seems like commit c58df149900 (for version 2.3.1) is very similar to commit 2d24b6000d (for version 2.1.1). This second commit is also the fix for CVE-2015-1239, which means these issues are both solved by very similar commits; however, the changes seem to be applied to different functions in each commit. |
eslerm | 5d00b719 (2015-01-15), 2d24b60 (2015-02-02), and c58df14 (2018-11-28) |
eslerm | The latter regressed CVE-2018-20846, see PR 1168. |
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
blender | bionic | Needs triage |
blender | cosmic | Ignored (reached end-of-life) |
blender | disco | Ignored (reached end-of-life) |
blender | eoan | Ignored (reached end-of-life) |
blender | focal | Needs triage |
blender | groovy | Ignored (reached end-of-life) |
blender | hirsute | Ignored (reached end-of-life) |
blender | impish | Ignored (reached end-of-life) |
blender | jammy | Needs triage |
blender | kinetic | Needs triage |
blender | precise | Does not exist |
blender | trusty | Does not exist |
blender | upstream | Needs triage |
blender | xenial | Needs triage |
emscripten | bionic | Ignored |
emscripten | cosmic | Ignored |
emscripten | disco | Ignored |
emscripten | eoan | Ignored |
emscripten | focal | Does not exist |
emscripten | groovy | Does not exist |
emscripten | hirsute | Ignored |
emscripten | impish | Ignored |
emscripten | jammy | Ignored |
emscripten | kinetic | Ignored |
emscripten | precise | Does not exist |
emscripten | trusty | Does not exist |
emscripten | upstream | Needs triage |
emscripten | xenial | Ignored |
gdcm | bionic | Not vulnerable (uses system openjpeg) |
gdcm | cosmic | Ignored (reached end-of-life) |
gdcm | disco | Not vulnerable (uses system openjpeg) |
gdcm | eoan | Not vulnerable (uses system openjpeg) |
gdcm | focal | Not vulnerable (uses system openjpeg) |
gdcm | groovy | Not vulnerable (uses system openjpeg) |
gdcm | hirsute | Not vulnerable (uses system openjpeg) |
gdcm | impish | Not vulnerable (uses system openjpeg) |
gdcm | jammy | Not vulnerable (uses system openjpeg) |
gdcm | kinetic | Not vulnerable (uses system openjpeg) |
gdcm | precise | Does not exist |
gdcm | trusty | Not vulnerable (uses system openjpeg) |
gdcm | upstream | Needs triage |
gdcm | xenial | Not vulnerable (uses system openjpeg) |
insighttoolkit4 | bionic | Needs triage |
insighttoolkit4 | cosmic | Ignored (reached end-of-life) |
insighttoolkit4 | disco | Ignored (reached end-of-life) |
insighttoolkit4 | eoan | Ignored (reached end-of-life) |
insighttoolkit4 | focal | Needs triage |
insighttoolkit4 | groovy | Ignored (reached end-of-life) |
insighttoolkit4 | hirsute | Ignored (reached end-of-life) |
insighttoolkit4 | impish | Ignored (reached end-of-life) |
insighttoolkit4 | jammy | Needs triage |
insighttoolkit4 | kinetic | Needs triage |
insighttoolkit4 | precise | Does not exist |
insighttoolkit4 | trusty | Does not exist |
insighttoolkit4 | upstream | Needs triage |
insighttoolkit4 | xenial | Needs triage |
openjpeg | bionic | Does not exist |
openjpeg | focal | Does not exist |
openjpeg | jammy | Does not exist |
openjpeg | kinetic | Does not exist |
openjpeg | precise | Does not exist |
openjpeg | trusty | Not vulnerable (code not present) |
openjpeg | upstream | Released (2.3.1) |
openjpeg | xenial | Not vulnerable (code not present) |
openjpeg | Patches | upstream: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845 |
openjpeg2 | bionic | Not vulnerable |
openjpeg2 | cosmic | Ignored (reached end-of-life) |
openjpeg2 | disco | Not vulnerable |
openjpeg2 | eoan | Not vulnerable |
openjpeg2 | focal | Not vulnerable |
openjpeg2 | groovy | Not vulnerable |
openjpeg2 | hirsute | Not vulnerable |
openjpeg2 | impish | Not vulnerable |
openjpeg2 | jammy | Not vulnerable |
openjpeg2 | kinetic | Not vulnerable |
openjpeg2 | precise | Does not exist |
openjpeg2 | trusty | Does not exist |
openjpeg2 | upstream | Released (2.3.1, 2.1.0-2+deb8u7) |
openjpeg2 | xenial | Released (2.1.2-1.1+deb9u5build0.16.04.1) |
openjpeg2 | Patches | upstream: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845 |
qtwebengine-opensource-src | bionic | Needs triage |
qtwebengine-opensource-src | cosmic | Ignored (reached end-of-life) |
qtwebengine-opensource-src | disco | Ignored (reached end-of-life) |
qtwebengine-opensource-src | eoan | Ignored (reached end-of-life) |
qtwebengine-opensource-src | focal | Needs triage |
qtwebengine-opensource-src | groovy | Ignored (reached end-of-life) |
qtwebengine-opensource-src | hirsute | Ignored (reached end-of-life) |
qtwebengine-opensource-src | impish | Ignored (reached end-of-life) |
qtwebengine-opensource-src | jammy | Needs triage |
qtwebengine-opensource-src | kinetic | Needs triage |
qtwebengine-opensource-src | precise | Does not exist |
qtwebengine-opensource-src | trusty | Does not exist |
qtwebengine-opensource-src | upstream | Needs triage |
qtwebengine-opensource-src | xenial | Does not exist |
texmaker | bionic | Needs triage |
texmaker | cosmic | Ignored (reached end-of-life) |
texmaker | disco | Ignored (reached end-of-life) |
texmaker | eoan | Ignored (reached end-of-life) |
texmaker | focal | Needs triage |
texmaker | groovy | Ignored (reached end-of-life) |
texmaker | hirsute | Ignored (reached end-of-life) |
texmaker | impish | Ignored (reached end-of-life) |
texmaker | jammy | Needs triage |
texmaker | kinetic | Needs triage |
texmaker | precise | Does not exist |
texmaker | trusty | Does not exist |
texmaker | upstream | Needs triage |
texmaker | xenial | Needs triage |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20847
- https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
- https://github.com/uclouvain/openjpeg/issues/431
- https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845
- https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html
- https://ubuntu.com/security/notices/USN-4497-1