Description:
"OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c."

Affected versions in Portage:
- 1.5.2-r1 (1.x series)

NOTE: A version of 2.x with the fix is already in tree.

This [0] mentions that 1.x is also vulnerable.

Code in 1.5.2:
https://github.com/uclouvain/openjpeg/blob/openjpeg-1.5/applications/common/color.c#L418

It looks like a patch could be generated, or indeed the 1.x series could be dropped given it is aging and its last release was 2014. Upstream have not released a fix for 1.x.

Patch for 2.x:
https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea

[0] https://www.cvedetails.com/cve/CVE-2018-21010/
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ba62aa6a060734ae14a0e6f978c584746635248

commit 3ba62aa6a060734ae14a0e6f978c584746635248
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-30 07:01:27 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-01-23 18:12:57 +0000

    media-libs/openjpeg: Security cleanup (drop :0)

    Bug: https://bugs.gentoo.org/711260
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16909
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/openjpeg/Manifest                 |  1 -
 media-libs/openjpeg/openjpeg-1.5.2-r1.ebuild | 77 ----------------------------
 2 files changed, 78 deletions(-)
Now just need vote.
This issue was resolved and addressed in GLSA 202101-29 at https://security.gentoo.org/glsa/202101-29 by GLSA coordinator Sam James (sam_c).