CVE-2018-5268

Published: 08/01/2018 Updated: 30/11/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

Vulnerable Product

opencv opencv 3.3.1

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #886674 opencv: CVE-2018-5268 Package: src:opencv; Maintainer for src:opencv is Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 8 Jan 2018 21:09:02 UTC Severity: important Tags: fixed-in-experimental, ...
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file ...

Recent Articles

It's 2019, and a PNG file can pwn your Android smartphone or tablet: Patch me if you can
The Register • Shaun Nichols in San Francisco • 07 Feb 2019

Malicious Bluetooth signals, too, it looks like

Google has emitted security fixes for Android that should be installed, should you get the chance, as they can be potentially exploited to hijack devices. The worst vulnerability in the latest monthly batch, according to the ad giant, is one in which a maliciously crafted PNG image could execute code smuggled within the file, if an application views it. Thus an evil .PNG file opened by a chat app or email reader, say, could start running malware on the device with high-level privileges. Two othe...