GHSA-267x-w5hx-8hjr

Source
https://github.com/advisories/GHSA-267x-w5hx-8hjr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-267x-w5hx-8hjr/GHSA-267x-w5hx-8hjr.json
Aliases
Published
2021-10-12T22:02:45Z
Modified
2023-11-08T03:58:54.518605Z
Summary
Integer Overflow or Wraparound in OpenCV
Details

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding with OpenCV-Python version 3.3.0.9) and earlier.

References

Affected packages

PyPI / opencv-python

Package

Name
opencv-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.3.1.11

Affected versions

3.*

3.1.0
3.1.0.0
3.1.0.1
3.1.0.2
3.1.0.3
3.1.0.4
3.1.0.5
3.2.0.6
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10

Database specific 

{
    "last_known_affected_version_range": "<= 3.3.0.9"
}

PyPI / opencv-contrib-python

Package

Name
opencv-contrib-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.3.1.11

Affected versions

3.*

3.1.0.0
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10

Database specific 

{
    "last_known_affected_version_range": "<= 3.3.0.9"
}