CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-5268
https://notcve.org/view.php?id=CVE-2018-5268
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. En OpenCV 3.3.1, ocurre un desbordamiento de búfer basado en memoria dinámica (heap) en cv::Jpeg2KDecoder::readComponent8u en modules/imgcodecs/src/grfmt_jpeg2000.cpp al analizar un archivo de imagen manipulado. • http://www.securityfocus.com/bid/106945 https://github.com/opencv/opencv/issues/10541 https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-5269
https://notcve.org/view.php?id=CVE-2018-5269
In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. En OpenCV 3.3.1, ocurre un fallo de aserción en cv::RBaseStream::setPos en modules/imgcodecs/src/bitstrm.cpp debido a un pase de enteros incorrecto. • http://www.securityfocus.com/bid/106945 https://github.com/opencv/opencv/issues/10540 https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 2CVE-2017-1000450
https://notcve.org/view.php?id=CVE-2017-1000450
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. En opencv/modules/imgcodecs/src/utils.cpp, las funciones FillUniColor y FillUniGray no comprueban la longitud de la entrada, lo que puede conducir a un desbordamiento de enteros. Si la imagen proviene de una fuente remota, podría provocar la ejecución remota de código o una denegación de servicio. • https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor https://github.com/opencv/opencv/issues/9723 https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18009
https://notcve.org/view.php?id=CVE-2017-18009
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. En OpenCV 3.3.1, una sobrelectura de búfer basada en memoria dinámica (heap) existe en la función cv::HdrDecoder::checkSignature en modules/imgcodecs/src/grfmt_hdr.cpp. • http://www.securityfocus.com/bid/106945 https://github.com/opencv/opencv/issues/10479 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-17760
https://notcve.org/view.php?id=CVE-2017-17760
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. OpenCV 3.3.1 tiene un desbordamiento de búfer en la función cv::PxMDecoder::readData en grfmt_pxm.cpp, debido a que se emplea un valor de tamaño incorrecto. • http://www.securityfocus.com/bid/102974 https://github.com/opencv/opencv/issues/10351 https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •