CVE-2017-12864

Published: 15/08/2017 Updated: 30/11/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function ReadNumber did not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and previous versions.

Vulnerable Product

opencv opencv

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #875345 opencv: CVE-2017-12864: Integer overflow in ReadNumber

Package: src:opencv; Maintainer for src:opencv is Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 10 Sep 2017 19:24:02 UTC; Severity: import ...

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier ...