Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tNDNjLTY0OW0tcG00OM0WTA

Integer Overflow or Wraparound in OpenCV.

In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 (corresponding with OpenCV-Python 3.3.0.9) and earlier.

Permalink: https://github.com/advisories/GHSA-m43c-649m-pm48
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNDNjLTY0OW0tcG00OM0WTA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-m43c-649m-pm48, CVE-2017-1000450
References: Repository: https://github.com/opencv/opencv
Blast Radius: 42.5

Affected Packages

pypi:opencv-contrib-python
Dependent packages: 250
Dependent repositories: 8,355
Downloads: 2,236,459 last month
Affected Version Ranges: <= 3.3.0.9
Fixed in: 3.3.1.11
All affected versions:
All unaffected versions:
pypi:opencv-python
Dependent packages: 2,667
Dependent repositories: 67,670
Downloads: 13,458,741 last month
Affected Version Ranges: <= 3.3.0.9
Fixed in: 3.3.1.11
All affected versions:
All unaffected versions: 3.1.0