{"id":"CVE-2018-21010","details":"OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.","modified":"2026-04-11T21:31:52.699500Z","published":"2019-09-05T13:15:10.813Z","related":["SUSE-SU-2022:3801-1","SUSE-SU-2022:3802-1","SUSE-SU-2022:4082-1","openSUSE-SU-2024:13571-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00009.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-29"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"57096325457f96d8cd07bd3af04fe81d7a2ba788"},{"fixed":"2e5ab1d9987831c981ff05862e8ccf1381ed58ea"}],"database_specific":{"cpe":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.3.1"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["v2.2.0","v2.3.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:31:52Z","vanir_signatures":[{"deprecated":false,"signature_version":"v1","target":{"file":"src/bin/common/color.c"},"digest":{"line_hashes":["47772986423275944948129387740378959748","205748424800095807526570439468686203929","311212710083938358638417075780320992282","13845996517696402041291325485194756521","232034462384640403651731608255195773281","260035379454205935624654794521312315561","27759279588051978015740535400210265005","24887882373412726135602646506894525370","10796914929716296175201449165596947575","210927989779164417464137647003868472755","160776532049488125440815871690663048169","296789431730108481029949790463180491645","211630102750653992397075884111426201760","45072898588808494368736867557010706522","187357730233943923627195889501389262807","18114862465483823227445671054192736037","32977918220178411040624988570409498907","154346496108818336977911423640308731000","280905759675619092679285625124901276488","265498822902519309421227408500631555967","277080353820867427640166991470715053339","211630102750653992397075884111426201760","82026733997208869923982752454371346838","233974658630491624153646875549529329671","151172523150507511277390429814071198607","231252402362125044599127783695202301038","113308147506768385034458147111247690185","76146420620240622652158139798106522380","228630602540866455030758235740298016390","120750669731829277520980204948569330498","109451196913446605897293240902573639350","17407463850010632372209515990872031218","191951910983718499554776888884780843443","76954929910805505068933795025888937249","99618613372891725581721000891204504777","180620412410529278479013507171956707920","213435621004669630972044136455783277441","298320697987736938007771825131292495308","265495701817522015175446458566787246427","108016489492950703904379036496720397977","8677741571317082609543726576800599073","296789431730108481029949790463180491645","211630102750653992397075884111426201760","44497727351483186019103832198962477616","59120822791411335295321191655897392750","302064298161111932100911413517165003495","249450554219199452433629851869756072647","257660251622353207407650709361295596847","68384279721278417397411680451267629008","265498822902519309421227408500631555967","277080353820867427640166991470715053339","338490487351861577552554114094685004680","3761531053253518297421411850467532774","38296037108315816685757152490174175399","119925681653977753993684191719868672081","231252402362125044599127783695202301038","113308147506768385034458147111247690185","127735398500339678563617993092869890664","131283023038667967207233783990652932135","175770028656615546704640618258824141075","62279842121833707728953447108438360793","289100919150289420899954891348132595647","99378679856880236086246357496976517378"],"threshold":0.9},"id":"CVE-2018-21010-16e574a7","signature_type":"Line","source":"https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea"},{"deprecated":false,"signature_version":"v1","target":{"function":"color_apply_icc_profile","file":"src/bin/common/color.c"},"digest":{"function_hash":"206676380706185999110114411288142323234","length":7936},"id":"CVE-2018-21010-859200bb","signature_type":"Function","source":"https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-21010.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}