Source: opencv
Version: 2.4.9.1+dfsg1-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/opencv/opencv/issues/9309

Hi,

the following vulnerabilities were published for opencv. I'm still not filing them as individual bugs, since all are tracked in the upstream report at [8]. I suggest though to split the bug as needed once more details are sorted out and/or fixes are available, making clear the set of affected versions.

CVE-2017-12597[0]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has an
| out-of-bounds write error in the function FillColorRow1 in utils.cpp
| when reading an image file by using cv::imread.

CVE-2017-12598[1]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has an
| out-of-bounds read error in the cv::RBaseStream::readBlock function in
| modules/imgcodecs/src/bitstrm.cpp when reading an image file by using
| cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test
| case.

CVE-2017-12599[2]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has an
| out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when
| reading an image file by using cv::imread.

CVE-2017-12601[3]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer
| overflow in the cv::BmpDecoder::readData function in
| modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using
| cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test
| case.

CVE-2017-12603[4]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid
| write in the cv::RLByteStream::getBytes function in
| modules/imgcodecs/src/bitstrm.cpp when reading an image file by using
| cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test
| case.

CVE-2017-12604[5]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has an
| out-of-bounds write error in the FillUniColor function in utils.cpp
| when reading an image file by using cv::imread.

CVE-2017-12605[6]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has an
| out-of-bounds write error in the FillColorRow8 function in utils.cpp
| when reading an image file by using cv::imread.

CVE-2017-12606[7]:
| OpenCV (Open Source Computer Vision Library) through 3.3 has an
| out-of-bounds write error in the function FillColorRow4 in utils.cpp
| when reading an image file by using cv::imread.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12597
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12597
[1] https://security-tracker.debian.org/tracker/CVE-2017-12598
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12598
[2] https://security-tracker.debian.org/tracker/CVE-2017-12599
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12599
[3] https://security-tracker.debian.org/tracker/CVE-2017-12601
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12601
[4] https://security-tracker.debian.org/tracker/CVE-2017-12603
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12603
[5] https://security-tracker.debian.org/tracker/CVE-2017-12604
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12604
[6] https://security-tracker.debian.org/tracker/CVE-2017-12605
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12605
[7] https://security-tracker.debian.org/tracker/CVE-2017-12606
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12606
[8] https://github.com/opencv/opencv/issues/9309

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team