CVE-2017-18009
https://notcve.org/view.php?id=CVE-2017-18009
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. En OpenCV 3.3.1, una sobrelectura de búfer basada en memoria dinámica (heap) existe en la función cv::HdrDecoder::checkSignature en modules/imgcodecs/src/grfmt_hdr.cpp. • http://www.securityfocus.com/bid/106945 https://github.com/opencv/opencv/issues/10479 • CWE-125: Out-of-bounds Read •
CVE-2017-17760
https://notcve.org/view.php?id=CVE-2017-17760
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. OpenCV 3.3.1 tiene un desbordamiento de búfer en la función cv::PxMDecoder::readData en grfmt_pxm.cpp, debido a que se emplea un valor de tamaño incorrecto. • http://www.securityfocus.com/bid/102974 https://github.com/opencv/opencv/issues/10351 https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-14136
https://notcve.org/view.php?id=CVE-2017-14136
OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. OpenCV (Open Source Computer Vision Library) 3.3 tiene un error de escritura fuera de los límites en la función FillColorRow1 en utils.cpp al leer un archivo de imagen utilizando cv::imread. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2017-12597. • https://github.com/opencv/opencv/issues/9443 https://github.com/opencv/opencv/pull/9448 https://github.com/xiaoqx/pocs/blob/master/opencv.md https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://security.gentoo.org/glsa/201712-02 • CWE-787: Out-of-bounds Write •
CVE-2017-12864
https://notcve.org/view.php?id=CVE-2017-12864
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. En opencv/modules/imgcodecs/src/grfmt_pxm.cpp, la función ReadNumber no comprueba el tamaño de la entrada, lo que conduce a un desbordamiento de enteros. Si la imagen proviene de una fuente remota, podría provocar la ejecución remota de código o una denegación de servicio. • https://github.com/opencv/opencv/issues/9372 https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html https://security.gentoo.org/glsa/201712-02 • CWE-190: Integer Overflow or Wraparound •
CVE-2017-12863
https://notcve.org/view.php?id=CVE-2017-12863
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. En opencv/modules/imgcodecs/src/grfmt_pxm.cpp, la función PxMDecoder::readData tiene un desbordamiento de enteros cuando calcula src_pitch. Si la imagen proviene de una fuente remota, podría provocar la ejecución remota de código o una denegación de servicio. • https://github.com/opencv/opencv/issues/9371 https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html https://security.gentoo.org/glsa/201712-02 • CWE-190: Integer Overflow or Wraparound •