CVE-2018-21010

Priority
Description
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile
in bin/common/color.c.
Ubuntu-Description
It was discovered that OpenJPEG did not properly handle certain input. If
OpenJPEG were supplied with specially crafted input, it could be made to crash
or potentially execute arbitrary code.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Source: gdcm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system openjpeg)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system openjpeg)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system openjpeg)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system openjpeg)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system openjpeg)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.1.2-1.1+deb9u5build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (2.3.1-1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (2.3.1-1)
Patches:
Upstream:https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-09-15 20:14:56 UTC (commit 52f423b9e3c86f3e331b2ae54e08921703c187be)