CVE-2017-12863
Published 2017-08-15
High, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | opencv | < opencv 3.2.0+dfsg-6 (bookworm) | opencv 3.2.0+dfsg-6 (bookworm) |
| opencv | opencv | <= 3.3.0 | — |
| opencv | opencv | >= 0 < 3.2.0+dfsg-6 | 3.2.0+dfsg-6 |
| opencv | opencv | >= 0 < 3.2.0+dfsg-6 | 3.2.0+dfsg-6 |
| opencv | opencv | >= 0 < 3.2.0+dfsg-6 | 3.2.0+dfsg-6 |
| opencv | opencv | >= 0 < 3.2.0+dfsg-6 | 3.2.0+dfsg-6 |
| sane-backends_project | sane-backends | >= 0 < 1.0.25+git20150528-1ubuntu2.16.04.3 | 1.0.25+git20150528-1ubuntu2.16.04.3 |
| sane-backends_project | sane-backends | >= 0 < 1.0.27-1~experimental3ubuntu2.3 | 1.0.27-1~experimental3ubuntu2.3 |
| sane-backends_project | sane-backends | >= 0 < 1.0.29-0ubuntu5.1 | 1.0.29-0ubuntu5.1 |
CVSS provenance
nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv: 8.8 HIGH