VYPR
Unrated severity · NVD Advisory · Published Sep 5, 2019 · Updated Aug 5, 2024

CVE-2018-21010

Description

A heap buffer overflow in OpenJPEG before 2.3.1 in color_apply_icc_profile can lead to arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

OpenJPEG versions before 2.3.1 contain a heap buffer overflow vulnerability in the color_apply_icc_profile function in bin/common/color.c [1]. The bug occurs when processing images with three components (RGB or RGBA) where the component widths or heights differ, as the code assumes all three components have the same dimensions and allocates a buffer based on max_w * max_h [1]. This can lead to writing beyond the allocated heap buffer [1].

Exploitation

An attacker can exploit this vulnerability by providing a crafted JPEG 2000 image file with mismatched component dimensions that triggers the heap buffer overflow when the image is decoded and the ICC profile is applied [1][2]. No special privileges are required; the attack vector is remote, but user interaction is needed (e.g., opening the malicious image in an application that uses OpenJPEG) [2].

Impact

Successful exploitation could result in arbitrary code execution in the context of the application using the OpenJPEG library [2]. This could lead to full system compromise depending on the application's privileges [2].

Mitigation

The vulnerability is fixed in OpenJPEG version 2.3.1 [1]. Users should upgrade to at least version 2.3.1 or, as recommended by Gentoo, version 2.4.0 [2]. There is no known workaround [2]. Systems running OpenJPEG 1.x should upgrade to the 2.x series [2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

46

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The color_apply_icc_profile function does not properly validate image component dimensions before allocating memory for color transformations, potentially leading to a heap buffer overflow."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted image file that, when processed by the OpenJPEG library, causes the `color_apply_icc_profile` function to miscalculate buffer sizes. This occurs when the image components do not share the same width and height: the buffer sizes are derived from `max_w * max_h`, and the subsequent data processing overflows the heap.

Affected code

The vulnerability resides in the `color_apply_icc_profile` function located in `bin/common/color.c`. The affected code path involves the allocation of `inbuf` and `outbuf` based on `max_w * max_h` which can be incorrect if image components have differing dimensions [ref_id=1].

What the fix does

The patch introduces a check to ensure that all image components (red, green, and blue) have the same width and height before proceeding with the color transformation. This validation prevents the `max_w * max_h` calculation from being based on inconsistent dimensions, thereby avoiding the potential heap buffer overflow that could occur during memory allocation and data copying for the color transformation process [ref_id=1].
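The validation described above, as an added C example that is not OpenJPEG's code or the fix commit: `comp_t`, `interleave_rgb` and `demo` are hypothetical names, and the 2x2 sample planes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified image component (not OpenJPEG's own struct). */
typedef struct {
    uint32_t w, h;
    const int *data;                 /* w * h samples */
} comp_t;

/* Interleave components 0..2 into a new buffer of w*h*3 bytes.
 * Returns NULL when the dimensions differ or the size would wrap. */
uint8_t *interleave_rgb(const comp_t *c, size_t numcomps, size_t *out_len)
{
    if (c == NULL || out_len == NULL || numcomps < 3)
        return NULL;
    /* Sizing and looping by component 0's w*h is only valid when all
     * three components share the same width and height. */
    for (size_t i = 1; i < 3; i++)
        if (c[i].w != c[0].w || c[i].h != c[0].h)
            return NULL;
    size_t w = c[0].w, h = c[0].h;
    if (w == 0 || h == 0 || w > SIZE_MAX / 3 / h)   /* w*h*3 must not wrap */
        return NULL;
    size_t n = w * h;
    uint8_t *buf = malloc(n * 3);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        buf[3 * i]     = (uint8_t)c[0].data[i];
        buf[3 * i + 1] = (uint8_t)c[1].data[i];
        buf[3 * i + 2] = (uint8_t)c[2].data[i];
    }
    *out_len = n * 3;
    return buf;
}

/* Constructed sample input: 2x2 planes, optionally declaring blue as 1x1.
 * Returns the output length, or 0 when the input is rejected. */
size_t demo(int mismatched)
{
    static const int r[4] = {1, 2, 3, 4}, g[4] = {5, 6, 7, 8}, b[4] = {9, 10, 11, 12};
    comp_t c[3] = {{2, 2, r}, {2, 2, g}, {2, 2, b}};
    size_t len = 0;
    if (mismatched)
        c[2].w = c[2].h = 1;         /* blue plane smaller than red/green */
    uint8_t *out = interleave_rgb(c, 3, &len);
    free(out);
    return out ? len : 0;
}

int main(void) { return (demo(0) == 12 && demo(1) == 0) ? 0 : 1; }
```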

Preconditions

  • input: A specially crafted image file that causes inconsistent image component dimensions.

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
