CVE-2018-20846

MEDIUM

OpenJPEG < 2.3.0 - Denial of Service via Out-of-Bounds Access in pi.c Functions

Title source: llm
STIX 2.1

Description

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

References (2)

Core 2
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108921

Scores

CVSS v3 6.5
EPSS 0.0217
EPSS Percentile 80.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
uclouvain/openjpeg < 2.3.0
Published Jun 26, 2019
Tracked Since Feb 18, 2026