Published: 01/01/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opencv opencv 3.3.1

Debian Bug report logs - #924884 CVE-2017-18009 Package: src:opencv; Maintainer for src:opencv is Debian Science Team <debian-science-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 17 Mar 2019 22:15:01 UTC Severity: important Tags: fixed-upstream, security, upstream ...

It's 2019, and a PNG file can pwn your Android smartphone or tablet: Patch me if you can

The Register • Shaun Nichols in San Francisco • 07 Feb 2019

Malicious Bluetooth signals, too, it looks like

Google has emitted security fixes for Android that should be installed, should you get the chance, as they can be potentially exploited to hijack devices. The worst vulnerability in the latest monthly batch, according to the ad giant, is one in which a maliciously crafted PNG image could execute code smuggled within the file, if an application views it. Thus an evil .PNG file opened by a chat app or email reader, say, could start running malware on the device with high-level privileges. Two othe...

CVE-2017-18009

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect