CVE-2018-20846 - log back

CVE-2018-20846 edited at 02 Jan 2021 11:19:49
Severity
- Medium
+ Low
CVE-2018-20846 edited at 29 Dec 2020 11:09:58
Description
- Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.1 allow remote attackers to cause a denial of service (application crash).
+ Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG 2.4.0 allow remote attackers to cause a denial of service (application crash).
Notes
- Attempted fix in upstream commit c277159986c80142180fbe5efb256bbf3bdf3edc, which was reverted by commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb because it did not compile. The issue remains currently unfixed as of OpenJPEG 2.3.1.
+ Attempted fix in upstream commit c277159986c80142180fbe5efb256bbf3bdf3edc, which was reverted by commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb because it did not compile. The issue remains currently unfixed as of OpenJPEG 2.4.0.
CVE-2018-20846 edited at 10 Dec 2020 14:08:29
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.1 allow remote attackers to cause a denial of service (application crash).
References
+ https://github.com/uclouvain/openjpeg/pull/1168
+ https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc
+ https://github.com/uclouvain/openjpeg/commit/e1740e7ce79d0a1676db4da0f4189b64e85f52cb
Notes
+ Attempted fix in upstream commit c277159986c80142180fbe5efb256bbf3bdf3edc, which was reverted by commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb because it did not compile. The issue remains currently unfixed as of OpenJPEG 2.3.1.
CVE-2018-20846 created at 10 Dec 2020 14:04:52
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes