Division-by-Zero Vulnerability in OpenJPEG Affects Remote Execution Capabilities
CVE-2018-20845

6.5 MEDIUM

Key Information:

Vendor: Uclouvain

CVE Published: 26 June 2019

What is CVE-2018-20845?

A division-by-zero vulnerability exists in the OpenJPEG library in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl. Remote attackers can exploit this flaw to cause a denial of service, making applications that use the library crash unexpectedly. Users of OpenJPEG versions up to 2.3.0 should apply the necessary patches to mitigate the risk.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
