CVE-2018-21010

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-21010
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-21010.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-21010
Downstream
Related
Published
2019-09-05T13:15:10Z
Modified
2025-10-15T09:34:22.167501Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

OpenJPEG before 2.3.1 has a heap buffer overflow in colorapplyicc_profile in bin/common/color.c.

References

Affected packages

Git / github.com/uclouvain/openjpeg

Affected ranges

Type
GIT
Repo
https://github.com/uclouvain/openjpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2e5ab1d9987831c981ff05862e8ccf1381ed58ea

Affected versions

v2.*

v2.2.0
v2.3.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "47772986423275944948129387740378959748",
                "205748424800095807526570439468686203929",
                "311212710083938358638417075780320992282",
                "13845996517696402041291325485194756521",
                "232034462384640403651731608255195773281",
                "260035379454205935624654794521312315561",
                "27759279588051978015740535400210265005",
                "24887882373412726135602646506894525370",
                "10796914929716296175201449165596947575",
                "210927989779164417464137647003868472755",
                "160776532049488125440815871690663048169",
                "296789431730108481029949790463180491645",
                "211630102750653992397075884111426201760",
                "45072898588808494368736867557010706522",
                "187357730233943923627195889501389262807",
                "18114862465483823227445671054192736037",
                "32977918220178411040624988570409498907",
                "154346496108818336977911423640308731000",
                "280905759675619092679285625124901276488",
                "265498822902519309421227408500631555967",
                "277080353820867427640166991470715053339",
                "211630102750653992397075884111426201760",
                "82026733997208869923982752454371346838",
                "233974658630491624153646875549529329671",
                "151172523150507511277390429814071198607",
                "231252402362125044599127783695202301038",
                "113308147506768385034458147111247690185",
                "76146420620240622652158139798106522380",
                "228630602540866455030758235740298016390",
                "120750669731829277520980204948569330498",
                "109451196913446605897293240902573639350",
                "17407463850010632372209515990872031218",
                "191951910983718499554776888884780843443",
                "76954929910805505068933795025888937249",
                "99618613372891725581721000891204504777",
                "180620412410529278479013507171956707920",
                "213435621004669630972044136455783277441",
                "298320697987736938007771825131292495308",
                "265495701817522015175446458566787246427",
                "108016489492950703904379036496720397977",
                "8677741571317082609543726576800599073",
                "296789431730108481029949790463180491645",
                "211630102750653992397075884111426201760",
                "44497727351483186019103832198962477616",
                "59120822791411335295321191655897392750",
                "302064298161111932100911413517165003495",
                "249450554219199452433629851869756072647",
                "257660251622353207407650709361295596847",
                "68384279721278417397411680451267629008",
                "265498822902519309421227408500631555967",
                "277080353820867427640166991470715053339",
                "338490487351861577552554114094685004680",
                "3761531053253518297421411850467532774",
                "38296037108315816685757152490174175399",
                "119925681653977753993684191719868672081",
                "231252402362125044599127783695202301038",
                "113308147506768385034458147111247690185",
                "127735398500339678563617993092869890664",
                "131283023038667967207233783990652932135",
                "175770028656615546704640618258824141075",
                "62279842121833707728953447108438360793",
                "289100919150289420899954891348132595647",
                "99378679856880236086246357496976517378"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/bin/common/color.c"
        },
        "signature_type": "Line",
        "id": "CVE-2018-21010-16e574a7",
        "source": "https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 7936.0,
            "function_hash": "206676380706185999110114411288142323234"
        },
        "target": {
            "function": "color_apply_icc_profile",
            "file": "src/bin/common/color.c"
        },
        "signature_type": "Function",
        "id": "CVE-2018-21010-859200bb",
        "source": "https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea",
        "signature_version": "v1",
        "deprecated": false
    }
]