CVE-2017-1000450 – opencv-contrib-python

Package

Manager: pip
Name: opencv-contrib-python
Vulnerable Version: >=0 <3.3.1.11

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02617 pctl0.85118

Details

Integer Overflow or Wraparound in OpenCV. In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 (corresponding with OpenCV-Python 3.3.0.9) and earlier.

Metadata

Created: 2021-10-12T22:03:32Z
Modified: 2021-11-18T15:31:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-m43c-649m-pm48/GHSA-m43c-649m-pm48.json
CWE IDs: ["CWE-190"]
Alternative ID: GHSA-m43c-649m-pm48
Finding: F111
Auto approve: 1