Out-of-Bounds Access in OpenJPEG Affects Multiple Versions
CVE-2018-20846

6.5MEDIUM

Key Information:

Vendor: Uclouvain
Status: Openjpeg
Vendor: CVE Published:; 26 June 2019

What is CVE-2018-20846?

The OpenJPEG library, specifically in the pi.c functions, has an issue with out-of-bounds accesses that can be exploited by remote attackers. By crafting specific input, these attackers may trigger application crashes, resulting in a denial of service. This vulnerability affects all versions up to 2.3.0 of OpenJPEG, making it essential for users to upgrade to the latest version or apply necessary patches to protect against potential exploitation.

References

https://github.com/uclouvain/openjpeg/pull/1168/commits/c...

x_refsource_MISC

http://www.securityfocus.com/bid/108921

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2019
Vulnerability Reserved
Jun 26, 2019

CVE-2018-20846 Data

JSON

Uclouvain

What is CVE-2018-20846?

References

CVSS V3.1

Timeline