http://bugzilla.opensuse.org/show_bug.cgi?id=1074487 Bug ID: 1074487 Summary: VUL-0: CVE-2017-1000450: opencv: functions FillUniColor and FillUniGray do not check the input length Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/197500/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: kde-maintainers@suse.de Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2017-1000450 In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000450 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000450.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000450 https://github.com/opencv/opencv/issues/9723 https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor -- You are receiving this mail because: You are on the CC list for the bug.