CVE-2018-21010 — Out-of-bounds Write in Openjpeg

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents8 sources

Severity

8.8HIGHNVD

OSV7.5

EPSS

0.8%

top 25.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2 Uclouvain Openjpeg Debian Linux

Timeline

PublishedSep 5

Latest updateMay 24

Description

OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDuclouvain/openjpeg< 2.3.1

▶Debianthe_openjpeg_project/openjpeg2< 2.3.1-1+3

▶Ubuntuthe_openjpeg_project/openjpeg2< 2.1.2-1.1+deb9u5build0.16.04.1

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: www.oracle.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-352f-66f5-76w2: OpenJPEG before 2↗2022-05-24

▶

OSV

OpenJPEG vulnerabilities↗2020-09-15

▶

OSV

CVE-2018-21010: OpenJPEG before 2↗2019-09-05

▶

CVEList

CVE-2018-21010: OpenJPEG before 2↗2019-09-05

▶

📋Vendor Advisories

Ubuntu

OpenJPEG vulnerabilities↗2020-09-15

▶

Red Hat

openjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color.c↗2019-09-05

▶

Debian

CVE-2018-21010: openjpeg2 - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in b...↗2018

▶

💬Community

Bugzilla

CVE-2018-21010 openjpeg2: openjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color.c [fedora-all]↗2019-09-26

▶

Bugzilla

CVE-2018-21010 openjpeg2: openjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color.c [epel-all]↗2019-09-26

▶

Bugzilla

CVE-2018-21010 openjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color.c↗2019-09-26

▶

Bugzilla

CVE-2018-21010 mingw-openjpeg2: openjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color.c [fedora-all]↗2019-09-26

▶

Bugzilla

CVE-2018-21010 openjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color.c [fedora-all]↗2019-09-26

▶