CVE-2018-5268

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

References

Affected packages

Git / github.com/opencv/opencv

Affected ranges

Type

GIT

Repo

https://github.com/opencv/opencv

Events

Introduced

Last affected

af4d6f34d8d05b0a9a0278728823272e49a63898

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.1"
        }
    ]
}

Affected versions

2.*

2.2

2.4.0

2.4.1

2.4.10

2.4.10.1

2.4.10.2

2.4.10.3

2.4.10.4

2.4.11

2.4.12

2.4.12.1

2.4.12.2

2.4.12.3

2.4.13

2.4.13.1

2.4.2

2.4.3

2.4.3-rc

2.4.3.1

2.4.3.2

2.4.4

2.4.4-beta

2.4.5

2.4.6

2.4.6.1

2.4.6.2

2.4.6.2-rc1

2.4.7

2.4.7-rc1

2.4.7.1

2.4.7.2

2.4.8

2.4.8.1

2.4.8.2

2.4.8.3

2.4.9

2.4.9.1

3.*

3.0-ocl-tech-preview

3.0-ocl-tp2

3.0.0

3.0.0-alpha

3.0.0-beta

3.0.0-rc1

3.1.0

3.2.0

3.2.0-rc

3.3.0

3.3.0-cvsdk

3.3.0-rc

3.3.1-cvsdk

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5268.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]