VDB

CVE-2018-20846

CVE-2018-20846 PUBLISHED

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

EPSS 0.46% · 64.3th percentile

Risk Scores

EPSS Score
0.46%
64.3th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSblender0, 2.76.b+dfsg0-3build1, 2.76.b+dfsg0-3
Ubuntu:18.04:LTSqtwebengine-opensource-src5.9.4+dfsg-0ubuntu1, 0, 5.9.1+dfsg-4
Ubuntu:18.04:LTSemscripten0, 1.22.1-1build1
Ubuntu:22.04:LTSinsighttoolkit40, 4.13.3withdata-dfsg2-1ubuntu1, 4.13.3withdata-dfsg1-4.1
Ubuntu:20.04:LTSqtwebengine-opensource-src5.12.5+dfsg-7build1, 5.12.8+dfsg-0ubuntu1.1, 0
Ubuntu:16.04:LTSemscripten1.22.1-1build1, 0
Ubuntu:18.04:LTSblender*, 0, 2.78.c+dfsg0-2build1
Ubuntu:22.04:LTSqtwebengine-opensource-src5.15.9+dfsg-1, 0, *
Ubuntu:20.04:LTSblender0, 2.82+dfsg-1, 2.81.a+dfsg-5build3
Ubuntu:25.10qtwebengine-opensource-src*, 5.15.19+dfsg2-1, 5.15.18+dfsg-2build1
Ubuntu:22.04:LTSemscripten*, 0, 2.0.13~dfsg-1
Ubuntu:24.04:LTSqtwebengine-opensource-src0, 5.15.16+dfsg-3, *
Ubuntu:20.04:LTSinsighttoolkit4*, 4.13.2-dfsg1-6ubuntu1, *
Ubuntu:24.04:LTSemscripten*, 0, 3.1.6~dfsg-6
Ubuntu:25.10blender4.3.2+dfsg-2ubuntu2, 0, 4.3.2+dfsg-2
Ubuntu:22.04:LTSblender*, 0, 2.93.5+dfsg-1
Ubuntu:24.04:LTStexmaker*, 0, 5.1.3+dfsg-1build4
Ubuntu:14.04:LTSopenjpeg1.3+dfsg-4.7ubuntu1, *, 0
Ubuntu:16.04:LTStexmaker0, 4.4.1-1.1, 4.4.1-1
Ubuntu:22.04:LTStexmaker5.0.3-1build9, 5.0.3-1build8, 0

…and 7 more

Timeline

  • Jun 26, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›