CVE-2018-7713
https://notcve.org/view.php?id=CVE-2018-7713
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters. ** EN DISPUTA ** La función validateInputImageSize en modules/imgcodecs/src/loadsave.cpp en OpenCV versión 3.4.1 permite a los atacantes remotos causar una denegación de servicio (assertion failure) porque (size.width menor= (1 menor 20)) puede ser falso Nota: "OpenCV CV_Assert no es una aserción (C-like assert()), es una excepción normal de C ++ que se puede generar en caso de parámetros no válidos o no admitidos". • https://github.com/opencv/opencv/issues/10998 https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert • CWE-617: Reachable Assertion •
CVE-2018-7712
https://notcve.org/view.php?id=CVE-2018-7712
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters. ** EN DISPUTA ** La función validateInputImageSize en modules/imgcodecs/src/loadsave.cpp en OpenCV versión 3.4.1 permite a los atacantes remotos causar una denegación de servicio (assertion failure) porque (size.height menor= (1 menor 20)) puede ser falso Nota: "OpenCV CV_Assert no es una aserción (C-like assert()), es una excepción normal de C ++ que se puede generar en caso de parámetros no válidos o no admitidos". • https://github.com/opencv/opencv/issues/10998 https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert • CWE-617: Reachable Assertion •
CVE-2018-7714
https://notcve.org/view.php?id=CVE-2018-7714
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters. ** EN DISPUTA ** La función validateInputImageSize en modules / imgcodecs / src / loadsave.cpp en OpenCV 3.4.1 permite a los atacantes remotos causar una denegación de servicio (assertion failure) porque (píxeles <= (1 << 30)) puede ser falso. Nota: "OpenCV CV_Assert no es una aserción (C-like assert()), es una excepción normal de C ++ que se puede generar en caso de parámetros no válidos o no admitidos". • https://github.com/opencv/opencv/issues/10998 https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert • CWE-617: Reachable Assertion •
CVE-2018-5269
https://notcve.org/view.php?id=CVE-2018-5269
In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. En OpenCV 3.3.1, ocurre un fallo de aserción en cv::RBaseStream::setPos en modules/imgcodecs/src/bitstrm.cpp debido a un pase de enteros incorrecto. • http://www.securityfocus.com/bid/106945 https://github.com/opencv/opencv/issues/10540 https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-617: Reachable Assertion •
CVE-2018-5268
https://notcve.org/view.php?id=CVE-2018-5268
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. En OpenCV 3.3.1, ocurre un desbordamiento de búfer basado en memoria dinámica (heap) en cv::Jpeg2KDecoder::readComponent8u en modules/imgcodecs/src/grfmt_jpeg2000.cpp al analizar un archivo de imagen manipulado. • http://www.securityfocus.com/bid/106945 https://github.com/opencv/opencv/issues/10541 https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-787: Out-of-bounds Write •