VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 26, 2019· Updated Aug 5, 2024

CVE-2018-20845

CVE-2018-20845

Description

Division-by-zero flaws in OpenJPEG's packet iterator functions allow remote attackers to crash the application via crafted JPEG 2000 images.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Division-by-zero flaws in OpenJPEG's packet iterator functions allow remote attackers to crash the application via crafted JPEG 2000 images.

Vulnerability

The division-by-zero vulnerabilities exist in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c of OpenJPEG through version 2.3.0. These functions are part of the packet iterator used during decoding of JPEG 2000 images. When processing crafted image data, the code computes values like rpx = res->pdx + levelno and rpy = res->pdy + levelno without checking for large values that can cause division by zero or undefined behavior on shift operations [1].

Exploitation

An attacker can exploit these vulnerabilities by providing a specially crafted JPEG 2000 image file to an application using OpenJPEG for decoding. No authentication or special privileges are required; the attacker only needs to deliver the malicious file via any vector (e.g., email, web upload). When the decoder processes the image, the vulnerable functions perform divisions by zero, leading to a crash [1].

Impact

Successful exploitation results in a denial of service (application crash). The impact is limited to availability; there is no evidence of code execution or information disclosure from the available references. The crash occurs during decoding, potentially affecting any service or user that processes untrusted JPEG 2000 images with OpenJPEG [1].

Mitigation

The fix was introduced in commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf, which adds checks to skip problematic values when rpx or rpy are >= 31 or when shift operations would cause undefined behavior [1]. Users should update to a version of OpenJPEG that includes this commit (e.g., after 2.3.0). If patching is not possible, avoid processing untrusted JPEG 2000 images. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.

References
  1. Fix multiple potential vulnerabilities and bugs by YangY-Xiao · Pull Request #1168 · uclouvain/openjpeg

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

42

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Division by zero in multiple functions within pi.c allows for a denial of service."

Attack vector

Remote attackers can trigger a denial of service by providing specially crafted input that leads to a division by zero error in the `pi_next_pcrl`, `pi_next_cprl`, or `pi_next_rpcl` functions. This error causes the application to crash. The vulnerability is present in OpenJPEG through version 2.3.0 [ref_id=1].

Affected code

The vulnerability exists in the `pi_next_pcrl`, `pi_next_cprl`, and `pi_next_rpcl` functions within the `openmj2/pi.c` file. The patch modifies these functions to include checks for potential division by zero scenarios [ref_id=1].

What the fix does

The patch introduces checks to prevent division by zero and undefined behavior related to shifts. Specifically, it adds a condition to ensure that `rpx` and `rpy` are less than 31 and that the shifted values of `comp->dx` and `comp->dy` do not overflow. This prevents the division by zero errors that could lead to a denial of service [ref_id=1].

Preconditions

  • inputSpecially crafted input data that triggers the division by zero.

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.