CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: 8.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.017 Low (Percentile: 87.9%)

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function
opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can
lead to an integer overflow.
Author | Note |
---|---|
ebarretto | Marking emscripten ignored as openjpeg2 code is only for test/example. |
ccdm94 | It seems like commit c58df149900 (for version 2.3.1) is very similar to commit 2d24b6000d (for version 2.1.1). This second commit is also the fix for CVE-2015-1239, which means these issues are both solved by very similar commits; however, the changes seem to be applied to different functions in each commit. |
eslerm | 5d00b719 (2015-01-15), 2d24b60 (2015-02-02), and c58df14 (2018-11-28) |
eslerm | The latter regressed CVE-2018-20846, see PR 1168 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 20.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 22.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 23.10 | noarch | blender | < any | UNKNOWN |
ubuntu | 24.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 16.04 | noarch | blender | < any | UNKNOWN |
ubuntu | 18.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | insighttoolkit4 | < any | UNKNOWN |
github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
github.com/uclouvain/openjpeg/issues/431
github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845
launchpad.net/bugs/cve/CVE-2018-20847
lists.debian.org/debian-lts-announce/2019/07/msg00010.html
nvd.nist.gov/vuln/detail/CVE-2018-20847
security-tracker.debian.org/tracker/CVE-2018-20847
ubuntu.com/security/notices/USN-4497-1
www.cve.org/CVERecord?id=CVE-2018-20847