{"id":"CVE-2018-20847","details":"An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.","modified":"2026-04-11T14:54:26.531506Z","published":"2019-06-26T18:15:10.057Z","related":["ALSA-2021:4251"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/108921"},{"type":"REPORT","url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/issues/431"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"last_affected":"081de4b15f54cb4482035b7bf5e3fb443e4bc84b"},{"fixed":"5d00b719f4b93b1445e6fb4c766b9a9883c57949"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.0"}]}}],"versions":["v2.2.0","v2.3.0"],"database_specific":{"vanir_signatures":[{"target":{"function":"opj_get_all_encoding_parameters","file":"src/lib/openjp2/pi.c"},"source":"https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949","signature_version":"v1","deprecated":false,"digest":{"length":2597,"function_hash":"163378792543775124696387571498731229941"},"id":"CVE-2018-20847-09c54e44","signature_type":"Function"},{"target":{"file":"src/lib/openjp2/tcd.c"},"source":"https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["15260350836644213240829099315201793762","173443813093649578680407006076703983292","54709661076326201330083866866759711426","121713522297824452935289107708446190463","165168505138123589767261992393647519663","46878580236153829076650875780653926826","102017304529906639766385571652773303262"],"threshold":0.9},"id":"CVE-2018-20847-5143d364","signature_type":"Line"},{"target":{"file":"src/lib/openjp2/pi.c"},"source":"https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["176615525002015676482656684392522200543","43405247619569204100702115459277374226","117451511473347492792874953304723327335","318359758975478787308868838886806726441","100905172399819142807590137543089589464","327286993796517583159493696502807280184","264804895149057228764343549705254440814"],"threshold":0.9},"id":"CVE-2018-20847-659b2ffd","signature_type":"Line"},{"target":{"function":"opj_tcd_init_tile","file":"src/lib/openjp2/tcd.c"},"source":"https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949","signature_version":"v1","deprecated":false,"digest":{"length":9025,"function_hash":"170610748971508839838692560277608944310"},"id":"CVE-2018-20847-7bd4fd58","signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T14:54:26Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20847.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}