{
  "threat_severity" : "Low",
  "public_date" : "2019-06-26T00:00:00Z",
  "bugzilla" : {
    "description" : "openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c",
    "id" : "1728509",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1728509"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow." ],
  "statement" : "This issue did not affect the versions of openjpeg as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code, due to an older version of the tool being shipped.\nThis issue did not affect the versions of openjpeg2 as shipped with Red Hat Enterprise Linux 7 as they already contain the patched code.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4251",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "openjpeg2-0:2.4.0-4.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "openjpeg",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "openjpeg",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "openjpeg2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-20847\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20847" ],
  "name" : "CVE-2018-20847",
  "csaw" : false
}