CVE-2018-20846 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2018-20846

CVE-2018-20846

Published:June 26, 2019

Updated:May 17, 2026

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Related Resources (4)

https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20846

http://www.securityfocus.com/bid/108921

https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc

https://access.redhat.com/security/cve/CVE-2018-20846

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Improper Input Validation

CWE-20

EPSS

Base Score:

0.46