Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2018-20847
HistoryJun 26, 2019 - 12:00 a.m.

CVE-2018-20847

2019-06-2600:00:00
ubuntu.com
ubuntu.com
10

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.017 Low

EPSS

Percentile

87.9%

JSON

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function
opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can
lead to an integer overflow.

Bugs

Notes

Author Note
ebarretto Marking emscripten ignored as openjpeg2 code is only for test/example.
ccdm94 it seems like commit c58df149900 (for version 2.3.1) is very similar to commit 2d24b6000d (for version 2.1.1). This second commit is also the fix for CVE-2015-1239, which means these issues are both solved by, very similar commits, however, the changes seem to be applied to
cccdm94 different functions in each commit.
eslerm 5d00b719 (2015-01-15), 2d24b60 (2015-02-02), and c58df14 (2018-11-28)
elserm The latter regressed CVE-2018-20846, see PR 1168

Related

openvas 11
debian 2
nessus 16
nvd 3
redhatcve 2
ubuntucve 2
cve 3
osv 7
veracode 2
cvelist 3
debiancve 3
prion 3
suse 2
altlinux 1
ubuntu 1
almalinux 1
redhat 2
rocky 1
oraclelinux 1
amazon 1
openvas
openvas
Debian: Security Advisory (DLA-1851-1)
2019-07-11 00:00:00
Debian: Security Advisory (DLA-1433-1)
2018-07-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1364-1)
2021-04-19 00:00:00
debian
debian
[SECURITY] [DLA 1851-1] openjpeg2 security update
2019-07-10 18:17:41
[SECURITY] [DLA 1433-1] openjpeg2 security update
2018-07-19 20:29:10
nessus
nessus
Debian DLA-1851-1 : openjpeg2 security update
2019-07-11 00:00:00
Debian DLA-1433-1 : openjpeg2 security update
2018-07-20 00:00:00
RHEL 8 : openjpeg (Unpatched Vulnerability)
2024-06-03 00:00:00
nvd
nvd
CVE-2018-20846
2019-06-26 18:15:10
CVE-2015-1239
2017-10-18 17:29:00
CVE-2018-20847
2019-06-26 18:15:10
redhatcve
redhatcve
CVE-2018-20847
2020-03-02 13:32:34
CVE-2018-20846
2020-03-29 02:03:43
ubuntucve
ubuntucve
CVE-2018-20846
2019-06-26 00:00:00
CVE-2015-1239
2017-10-18 00:00:00
cve
cve
CVE-2018-20846
2019-06-26 18:15:10
CVE-2015-1239
2017-10-18 17:29:00
CVE-2018-20847
2019-06-26 18:15:10
osv
osv
CVE-2018-20847
2019-06-26 18:15:10
CVE-2018-20846
2019-06-26 18:15:10
openjpeg2 - security update
2018-07-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-06-27 02:53:46
Open Redirect
2019-06-27 04:29:14
cvelist
cvelist
CVE-2018-20847
2019-06-26 17:07:43
CVE-2018-20846
2019-06-26 17:07:35
CVE-2015-1239
2017-10-18 17:00:00
debiancve
debiancve
CVE-2018-20846
2019-06-26 18:15:10
CVE-2015-1239
2017-10-18 17:29:00
CVE-2018-20847
2019-06-26 18:15:10
prion
prion
Integer overflow
2019-06-26 18:15:00
Design/Logic Flaw
2019-06-26 18:15:00
Double free
2017-10-18 17:29:00
suse
suse
Security update for openjpeg2 (moderate)
2018-05-23 15:07:57
Security update for openjpeg2 (important)
2022-10-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libopenjpeg2.0 version 2.5.0-alt1
2022-05-18 00:00:00
ubuntu
ubuntu
OpenJPEG vulnerabilities
2020-09-15 00:00:00
almalinux
almalinux
Moderate: openjpeg2 security update
2021-11-09 08:51:11
redhat
redhat
(RHSA-2021:4251) Moderate: openjpeg2 security update
2021-11-09 08:51:11
(RHSA-2022:0202) Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
2022-01-20 06:27:36
rocky
rocky
openjpeg2 security update
2021-11-09 08:51:11
oraclelinux
oraclelinux
openjpeg2 security update
2021-11-16 00:00:00
amazon
amazon
Medium: openjpeg2
2022-01-18 21:37:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.017 Low

EPSS

Percentile

87.9%

JSON
Related for UB:CVE-2018-20847
openvas11debian2nessus16nvd3redhatcve2ubuntucve2cve3osv7veracode2cvelist3debiancve3prion3suse2altlinux1ubuntu1almalinux1redhat2rocky1oraclelinux1amazon1