OpenJPEG before 2.3.1 has a heap buffer overflow in colorapplyicc_profile in bin/common/color.c.
{ "vanir_signatures": [ { "signature_type": "Line", "id": "CVE-2018-21010-16e574a7", "source": "https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea", "deprecated": false, "signature_version": "v1", "target": { "file": "src/bin/common/color.c" }, "digest": { "line_hashes": [ "47772986423275944948129387740378959748", "205748424800095807526570439468686203929", "311212710083938358638417075780320992282", "13845996517696402041291325485194756521", "232034462384640403651731608255195773281", "260035379454205935624654794521312315561", "27759279588051978015740535400210265005", "24887882373412726135602646506894525370", "10796914929716296175201449165596947575", "210927989779164417464137647003868472755", "160776532049488125440815871690663048169", "296789431730108481029949790463180491645", "211630102750653992397075884111426201760", "45072898588808494368736867557010706522", "187357730233943923627195889501389262807", "18114862465483823227445671054192736037", "32977918220178411040624988570409498907", "154346496108818336977911423640308731000", "280905759675619092679285625124901276488", "265498822902519309421227408500631555967", "277080353820867427640166991470715053339", "211630102750653992397075884111426201760", "82026733997208869923982752454371346838", "233974658630491624153646875549529329671", "151172523150507511277390429814071198607", "231252402362125044599127783695202301038", "113308147506768385034458147111247690185", "76146420620240622652158139798106522380", "228630602540866455030758235740298016390", "120750669731829277520980204948569330498", "109451196913446605897293240902573639350", "17407463850010632372209515990872031218", "191951910983718499554776888884780843443", "76954929910805505068933795025888937249", "99618613372891725581721000891204504777", "180620412410529278479013507171956707920", "213435621004669630972044136455783277441", "298320697987736938007771825131292495308", "265495701817522015175446458566787246427", "108016489492950703904379036496720397977", "8677741571317082609543726576800599073", "296789431730108481029949790463180491645", "211630102750653992397075884111426201760", "44497727351483186019103832198962477616", "59120822791411335295321191655897392750", "302064298161111932100911413517165003495", "249450554219199452433629851869756072647", "257660251622353207407650709361295596847", "68384279721278417397411680451267629008", "265498822902519309421227408500631555967", "277080353820867427640166991470715053339", "338490487351861577552554114094685004680", "3761531053253518297421411850467532774", "38296037108315816685757152490174175399", "119925681653977753993684191719868672081", "231252402362125044599127783695202301038", "113308147506768385034458147111247690185", "127735398500339678563617993092869890664", "131283023038667967207233783990652932135", "175770028656615546704640618258824141075", "62279842121833707728953447108438360793", "289100919150289420899954891348132595647", "99378679856880236086246357496976517378" ], "threshold": 0.9 } }, { "signature_type": "Function", "id": "CVE-2018-21010-859200bb", "source": "https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea", "deprecated": false, "signature_version": "v1", "target": { "function": "color_apply_icc_profile", "file": "src/bin/common/color.c" }, "digest": { "length": 7936.0, "function_hash": "206676380706185999110114411288142323234" } } ] }