Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01cnBjLWd3aDktcTlmZ80WUg
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.
Permalink: https://github.com/advisories/GHSA-5rpc-gwh9-q9fgJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cnBjLWd3aDktcTlmZ80WUg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: almost 2 years ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00701
EPSS Percentile: 0.80097
Identifiers: GHSA-5rpc-gwh9-q9fg, CVE-2017-12862
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12862
- https://github.com/opencv/opencv/issues/9370
- https://github.com/opencv/opencv/pull/9376
- https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
- https://security.gentoo.org/glsa/201712-02
- https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
- https://github.com/advisories/GHSA-5rpc-gwh9-q9fg
Blast Radius: 42.5
Affected Packages
pypi:opencv-contrib-python
Dependent packages: 321Dependent repositories: 8,355
Downloads: 1,880,832 last month
Affected Version Ranges: <= 3.3.0.9
Fixed in: 3.3.1.11
All affected versions:
All unaffected versions:
pypi:opencv-python
Dependent packages: 3,545Dependent repositories: 67,670
Downloads: 11,943,282 last month
Affected Version Ranges: <= 3.3.0.9
Fixed in: 3.3.1.11
All affected versions:
All unaffected versions: 3.1.0