Bug#886282: opencv: CVE-2017-1000450: Out of bounds write
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 3 20:23:32 UTC 2018
Source: opencv
Version: 2.4.9.1+dfsg1-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/opencv/opencv/issues/9723
Hi,
the following vulnerability was published for opencv.
CVE-2017-1000450[0]:
| In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and
| FillUniGray do not check the input length, which can lead to integer
| overflow. If the image is from remote, may lead to remote code
| execution or denial of service. This affects Opencv 3.3 and earlier.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-1000450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000450
[1] https://github.com/opencv/opencv/issues/9723
[2] https://github.com/opencv/opencv/pull/9726
Regards,
Salvatore
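
The CVE description above says the fill functions do not check the input length. As an added illustration (not code from this report, from OpenCV, or from the upstream patch), here is a run fill that validates an untrusted run length against the remaining image space before writing; the function name, parameters, and 8-bit image layout are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not OpenCV's FillUniGray): write `count` pixels of
 * `value` into an 8-bit image, starting at (*x, *y) and wrapping at each row
 * end. `count` is the run length read from the untrusted file.
 * Returns 0 on success, -1 if the run is invalid or would leave the image. */
int fill_run_checked(uint8_t *img, size_t width, size_t height, size_t stride,
                     size_t *x, size_t *y, long count, uint8_t value)
{
    if (!img || !x || !y || width == 0 || stride < width)
        return -1;
    if (height > SIZE_MAX / stride)       /* height * stride must not wrap */
        return -1;
    if (count < 0 || *x >= width || *y >= height)
        return -1;

    /* Pixels left between the cursor and the end of the image. */
    size_t remaining = (height - *y) * width - *x;
    if ((size_t)count > remaining)
        return -1;                        /* reject instead of clamping silently */

    size_t n = (size_t)count;
    while (n > 0) {
        size_t chunk = width - *x;        /* room left in the current row */
        if (chunk > n)
            chunk = n;
        memset(img + *y * stride + *x, value, chunk);
        n -= chunk;
        *x += chunk;
        if (*x == width) {                /* advance to the next row */
            *x = 0;
            ++*y;
        }
    }
    return 0;
}

int main(void)
{
    uint8_t img[4 * 3] = {0};             /* constructed 4x3 test image */
    size_t x = 2, y = 1;
    printf("in-bounds run:  %d\n", fill_run_checked(img, 4, 3, 4, &x, &y, 5, 0xFF));
    printf("oversized run:  %d\n", fill_run_checked(img, 4, 3, 4, &x, &y, 1000, 0xFF));
    return 0;
}
```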