GHSA-wq8f-wvqp-xvvm

Source
https://github.com/advisories/GHSA-wq8f-wvqp-xvvm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-wq8f-wvqp-xvvm/GHSA-wq8f-wvqp-xvvm.json
Aliases
Published
2021-10-12T22:02:35Z
Modified
2023-11-08T03:58:54.457056Z
Summary
Integer Overflow or Wraparound in OpenCV
Details

In opencv/modules/imgcodecs/src/grfmtpxm.cpp, function PxMDecoder::readData has an integer overflow when calculate srcpitch. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.

References

Affected packages

PyPI / opencv-python

Package

Name
opencv-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.3.1.11

Affected versions

3.*

3.1.0
3.1.0.0
3.1.0.1
3.1.0.2
3.1.0.3
3.1.0.4
3.1.0.5
3.2.0.6
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10

Database specific 

{
    "last_known_affected_version_range": "<= 3.3.0.9"
}

PyPI / opencv-contrib-python

Package

Name
opencv-contrib-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.3.1.11

Affected versions

3.*

3.1.0.0
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10

Database specific 

{
    "last_known_affected_version_range": "<= 3.3.0.9"
}