GHSA-5rpc-gwh9-q9fg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5rpc-gwh9-q9fg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-5rpc-gwh9-q9fg/GHSA-5rpc-gwh9-q9fg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5rpc-gwh9-q9fg
- Aliases
- Published
- 2021-10-12T22:02:21Z
- Modified
- 2023-11-08T03:58:54.395801Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
- Details
-
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.
- Database specific
{ "nvd_published_at": "2017-08-15T16:29:00Z", "github_reviewed_at": "2021-10-07T20:44:45Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-119", "CWE-787" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-12862
- https://github.com/opencv/opencv/issues/9370
- https://github.com/opencv/opencv/pull/9376
- https://github.com/opencv/opencv-python
- https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
- https://security.gentoo.org/glsa/201712-02
Affected packages
PyPI / opencv-python
Package
- Name
- opencv-python
- View open source insights on deps.dev
- Purl
- pkg:pypi/opencv-python
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.3.1.11
PyPI / opencv-contrib-python
Package
- Name
- opencv-contrib-python
- View open source insights on deps.dev
- Purl
- pkg:pypi/opencv-contrib-python