CVE-2017-18009 — Out-of-bounds Read in Opencv

CWE-125 — Out-of-bounds Read11 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 54.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opencv

Timeline

PublishedJan 1

Latest updateSep 28

Description

In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Debianopencv/opencv< 4.1.2+dfsg-3+3

▶NVDopencv/opencv3.3.1

🔴Vulnerability Details

OSV

Out-of-bounds Read in OpenCV↗2021-10-12

▶

GHSA

Out-of-bounds Read in OpenCV↗2021-10-12

▶

CVEList

CVE-2017-18009: In OpenCV 3↗2018-01-01

▶

OSV

CVE-2017-18009: In OpenCV 3↗2018-01-01

▶

📋Vendor Advisories

Ubuntu

OpenCV vulnerabilities↗2022-09-28

▶

Android

CVE-2017-18009: Android Security Bulletin 2019-02-01 CVE: CVE-2017-18009 Severity: MEDIUM Type: ID Affected AOSP versions: 7↗2019-02-01

▶

Red Hat

opencv: heap-based buffer over-read in function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp↗2018-01-01

▶

Debian

CVE-2017-18009: opencv - In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDec...↗2017

▶

💬Community

Bugzilla

CVE-2017-18009 opencv: heap-based buffer over-read in function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp [fedora-all]↗2018-01-04

▶

Bugzilla

CVE-2017-18009 opencv: heap-based buffer over-read in function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp↗2018-01-04

▶