GHSA-5rpc-gwh9-q9fg

Source
https://github.com/advisories/GHSA-5rpc-gwh9-q9fg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-5rpc-gwh9-q9fg/GHSA-5rpc-gwh9-q9fg.json
Aliases
Published
2021-10-12T22:02:21Z
Modified
2023-11-08T03:58:54.395801Z
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Details

In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.

References

Affected packages

PyPI / opencv-python

Package

Name
opencv-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.3.1.11

Affected versions

3.*

3.1.0
3.1.0.0
3.1.0.1
3.1.0.2
3.1.0.3
3.1.0.4
3.1.0.5
3.2.0.6
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10

Database specific 

{
    "last_known_affected_version_range": "<= 3.3.0.9"
}

PyPI / opencv-contrib-python

Package

Name
opencv-contrib-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.3.1.11

Affected versions

3.*

3.1.0.0
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10

Database specific 

{
    "last_known_affected_version_range": "<= 3.3.0.9"
}