CVE-2017-12862 – opencv-python

Package

Manager: pip
Name: opencv-python
Vulnerable Version: >=0 <3.3.1.11

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01034 pctl0.76515

Details

Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.

Metadata

Created: 2021-10-12T22:02:21Z
Modified: 2021-11-18T15:33:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-5rpc-gwh9-q9fg/GHSA-5rpc-gwh9-q9fg.json
CWE IDs: ["CWE-119", "CWE-787"]
Alternative ID: GHSA-5rpc-gwh9-q9fg
Finding: F316
Auto approve: 1