CVE-2018-20846 log

Source
Severity Low
Remote Yes
Type Denial of service
Description 
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG 2.4.0 allow remote attackers to cause a denial of service (application crash).
Group Package Affected Fixed Severity Status Ticket
AVG-1390 openjpeg2 2.4.0-1 2.5.0-1 Medium Fixed
References 
https://github.com/uclouvain/openjpeg/pull/1168
https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc
https://github.com/uclouvain/openjpeg/commit/e1740e7ce79d0a1676db4da0f4189b64e85f52cb
Notes 
Attempted fix in upstream commit c277159986c80142180fbe5efb256bbf3bdf3edc, which was reverted by commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb because it did not compile. The issue remains currently unfixed as of OpenJPEG 2.4.0.