Vulnerabilities > CVE-2018-21010 - Out-of-bounds Write vulnerability in multiple products

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2019-09-05

Updated: 2022-10-29

Summary

OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

Part	Description	Count
Application	Uclouvain Uclouvain Openjpeg - Uclouvain Openjpeg 1.0 Uclouvain Openjpeg 1.1 Uclouvain Openjpeg 1.2 Uclouvain Openjpeg 1.3 Uclouvain Openjpeg 1.4 Uclouvain Openjpeg 1.5 Uclouvain Openjpeg 1.5.1 Uclouvain Openjpeg 1.5.2 Uclouvain Openjpeg 2.0 Uclouvain Openjpeg 2.0.0 Uclouvain Openjpeg 2.0.1 Uclouvain Openjpeg 2.1 Uclouvain Openjpeg 2.1.0 Uclouvain Openjpeg 2.1.1 Uclouvain Openjpeg 2.1.2 Uclouvain Openjpeg 2.2.0 Uclouvain Openjpeg 2.3.0	18
OS	Debian Debian Debian Linux 8.0	1

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1950.NASL
description	A heap buffer overflow vulnerability was discovered in openjpeg2, the open-source JPEG 2000 codec. This vulnerability is caused by insufficient validation of width and height of image components in color_apply_icc_profile (src/bin/common/color.c). Remote attackers might leverage this vulnerability via a crafted JP2 file, leading to denial of service (application crash) or any other undefined behavior. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	129735
published	2019-10-09
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129735
title	Debian DLA-1950-1 : openjpeg2 security update