CVE-2017-1000450 — Integer Overflow or Wraparound in Opencv

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write9 documents7 sources

Severity

8.8HIGHNVD

EPSS

3.5%

top 12.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opencv Debian Linux

Timeline

PublishedJan 2

Latest updateOct 12

Description

In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶Debianopencv/opencv< 3.2.0+dfsg-6+3

▶NVDopencv/opencv3.3.0

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

OSV

Integer Overflow or Wraparound in OpenCV.↗2021-10-12

▶

GHSA

Integer Overflow or Wraparound in OpenCV.↗2021-10-12

▶

OSV

CVE-2017-1000450: In opencv/modules/imgcodecs/src/utils↗2018-01-02

▶

CVEList

CVE-2017-1000450: In opencv/modules/imgcodecs/src/utils↗2018-01-02

▶

📋Vendor Advisories

Red Hat

opencv: out of bounds write in functions FillUniColor and FillUniGray in opencv/modules/imgcodecs/src/utils.cpp↗2017-09-26

▶

Debian

CVE-2017-1000450: opencv - In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGra...↗2017

▶

💬Community

Bugzilla

CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269 opencv: various flaws [fedora-all]↗2018-01-05

▶

Bugzilla

CVE-2017-1000450 opencv: out of bounds write in functions FillUniColor and FillUniGray in opencv/modules/imgcodecs/src/utils.cpp↗2018-01-05

▶