Published: 15/08/2017 Updated: 30/11/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and previous versions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opencv opencv
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #875345 opencv: CVE-2017-12864: Integer overflow in ReadNumber Package: src:opencv; Maintainer for src:opencv is Debian Science Team <debian-science-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 10 Sep 2017 19:24:02 UTC Severity: import ...

In opencv/modules/imgcodecs/src/grfmt_pxmcpp, function ReadNumber did not checkout the input length, which lead to integer overflow If the image is from remote, may lead to remote code execution or denial of service This affects Opencv 33 and earlier ...

CWE-190 https://github.com/opencv/opencv/issues/9372 https://security.gentoo.org/glsa/201712-02 https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875345 https://nvd.nist.gov

CVE-2017-12864

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect