CVE-2018-20847
Published: 26 June 2019
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
From the Ubuntu Security Team
It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code.
Notes
Author | Note |
---|---|
ebarretto | Marking emscripten ignored as openjpeg2 code is only for test/example. |
ccdm94 | It seems like commit c58df149900 (for version 2.3.1) is very similar to commit 2d24b6000d (for version 2.1.1). This second commit is also the fix for CVE-2015-1239, which means these issues are both solved by very similar commits; however, the changes seem to be applied to different functions in each commit. |
eslerm | 5d00b719 (2015-01-15), 2d24b60 (2015-02-02), and c58df14 (2018-11-28) |
eslerm | The latter regressed CVE-2018-20846, see PR 1168 |
Priority
Status
Package | Release | Status |
---|---|---|
blender | bionic | Needs triage |
blender | cosmic | Ignored (end of life) |
blender | disco | Ignored (end of life) |
blender | eoan | Ignored (end of life) |
blender | focal | Needs triage |
blender | groovy | Ignored (end of life) |
blender | hirsute | Ignored (end of life) |
blender | impish | Ignored (end of life) |
blender | jammy | Needs triage |
blender | kinetic | Ignored (end of life, was needs-triage) |
blender | lunar | Ignored (end of life, was needs-triage) |
blender | mantic | Needs triage |
blender | trusty | Does not exist |
blender | upstream | Needs triage |
blender | xenial | Needs triage |
emscripten | bionic | Ignored |
emscripten | cosmic | Ignored |
emscripten | disco | Ignored |
emscripten | eoan | Ignored |
emscripten | focal | Does not exist |
emscripten | groovy | Does not exist |
emscripten | hirsute | Ignored |
emscripten | impish | Ignored |
emscripten | jammy | Ignored |
emscripten | kinetic | Ignored |
emscripten | lunar | Ignored |
emscripten | mantic | Ignored |
emscripten | trusty | Does not exist |
emscripten | upstream | Needs triage |
emscripten | xenial | Ignored |
gdcm | bionic | Not vulnerable (uses system openjpeg) |
gdcm | cosmic | Ignored (end of life) |
gdcm | disco | Not vulnerable (uses system openjpeg) |
gdcm | eoan | Not vulnerable (uses system openjpeg) |
gdcm | focal | Not vulnerable (uses system openjpeg) |
gdcm | groovy | Not vulnerable (uses system openjpeg) |
gdcm | hirsute | Not vulnerable (uses system openjpeg) |
gdcm | impish | Not vulnerable (uses system openjpeg) |
gdcm | jammy | Not vulnerable (uses system openjpeg) |
gdcm | kinetic | Not vulnerable (uses system openjpeg) |
gdcm | lunar | Not vulnerable (uses system openjpeg) |
gdcm | mantic | Not vulnerable (uses system openjpeg) |
gdcm | trusty | Not vulnerable (uses system openjpeg) |
gdcm | upstream | Needs triage |
gdcm | xenial | Not vulnerable (uses system openjpeg) |
insighttoolkit4 | bionic | Needs triage |
insighttoolkit4 | cosmic | Ignored (end of life) |
insighttoolkit4 | disco | Ignored (end of life) |
insighttoolkit4 | eoan | Ignored (end of life) |
insighttoolkit4 | focal | Needs triage |
insighttoolkit4 | groovy | Ignored (end of life) |
insighttoolkit4 | hirsute | Ignored (end of life) |
insighttoolkit4 | impish | Ignored (end of life) |
insighttoolkit4 | jammy | Needs triage |
insighttoolkit4 | kinetic | Ignored (end of life, was needs-triage) |
insighttoolkit4 | lunar | Ignored (end of life, was needs-triage) |
insighttoolkit4 | mantic | Does not exist |
insighttoolkit4 | trusty | Does not exist |
insighttoolkit4 | upstream | Needs triage |
insighttoolkit4 | xenial | Needs triage |
openjpeg | bionic | Does not exist |
openjpeg | focal | Does not exist |
openjpeg | jammy | Does not exist |
openjpeg | kinetic | Does not exist |
openjpeg | lunar | Does not exist |
openjpeg | mantic | Does not exist |
openjpeg | trusty | Not vulnerable (code not present) |
openjpeg | upstream | Released (2.3.1) |
openjpeg | xenial | Not vulnerable (code not present) |
openjpeg | Patches | upstream: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845 |
openjpeg2 | bionic | Not vulnerable |
openjpeg2 | cosmic | Ignored (end of life) |
openjpeg2 | disco | Not vulnerable |
openjpeg2 | eoan | Not vulnerable |
openjpeg2 | focal | Not vulnerable |
openjpeg2 | groovy | Not vulnerable |
openjpeg2 | hirsute | Not vulnerable |
openjpeg2 | impish | Not vulnerable |
openjpeg2 | jammy | Not vulnerable |
openjpeg2 | kinetic | Not vulnerable |
openjpeg2 | lunar | Not vulnerable |
openjpeg2 | mantic | Not vulnerable |
openjpeg2 | trusty | Does not exist |
openjpeg2 | upstream | Released (2.3.1, 2.1.0-2+deb8u7) |
openjpeg2 | xenial | Released (2.1.2-1.1+deb9u5build0.16.04.1) |
openjpeg2 | Patches | upstream: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845 |
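qtwebengine-opensource-src | bionic | Needs triage |
qtwebengine-opensource-src | cosmic | Ignored (end of life) |
qtwebengine-opensource-src | disco | Ignored (end of life) |
qtwebengine-opensource-src | eoan | Ignored (end of life) |
qtwebengine-opensource-src | focal | Needs triage |
qtwebengine-opensource-src | groovy | Ignored (end of life) |
qtwebengine-opensource-src | hirsute | Ignored (end of life) |
qtwebengine-opensource-src | impish | Ignored (end of life) |
qtwebengine-opensource-src | jammy | Needs triage |
qtwebengine-opensource-src | kinetic | Ignored (end of life, was needs-triage) |
qtwebengine-opensource-src | lunar | Ignored (end of life, was needs-triage) |
qtwebengine-opensource-src | mantic | Needs triage |
qtwebengine-opensource-src | trusty | Does not exist |
qtwebengine-opensource-src | upstream | Needs triage |
qtwebengine-opensource-src | xenial | Does not exist |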
texmaker | bionic | Needs triage |
texmaker | cosmic | Ignored (end of life) |
texmaker | disco | Ignored (end of life) |
texmaker | eoan | Ignored (end of life) |
texmaker | focal | Needs triage |
texmaker | groovy | Ignored (end of life) |
texmaker | hirsute | Ignored (end of life) |
texmaker | impish | Ignored (end of life) |
texmaker | jammy | Needs triage |
texmaker | kinetic | Ignored (end of life, was needs-triage) |
texmaker | lunar | Ignored (end of life, was needs-triage) |
texmaker | mantic | Needs triage |
texmaker | trusty | Does not exist |
texmaker | upstream | Needs triage |
texmaker | xenial | Needs triage |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
- https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
- https://github.com/uclouvain/openjpeg/issues/431
- https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845
- https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html
- https://ubuntu.com/security/notices/USN-4497-1
- https://www.cve.org/CVERecord?id=CVE-2018-20847
- NVD
- Launchpad
- Debian