| Bug ID | 1074487 |
|---|---|
| Summary | VUL-0: CVE-2017-1000450: opencv: functions FillUniColor and FillUniGray do not check the input length |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.3 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/197500/ |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | kde-maintainers@suse.de |
| Reporter | abergmann@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2017-1000450 In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000450 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000450.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000450 https://github.com/opencv/opencv/issues/9723 https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor