Buffer Overflow Vulnerability in OpenCV Library Affecting Image Decoding
CVE-2017-12601

8.8HIGH

Key Information:

Vendor

Opencv

Status
Opencv
Vendor
CVE Published:
7 August 2017

What is CVE-2017-12601?

The OpenCV Library, a popular tool for computer vision applications, is affected by a buffer overflow vulnerability in its bmp image decoding function. Specifically, the issue arises in the cv::BmpDecoder::readData method within the imgcodecs module. When handling image files using the cv::imread function, the vulnerability can lead to potential memory corruption, which may allow attackers to execute arbitrary code or cause application crashes. This vulnerability has been evidenced by specific test cases, emphasizing the need for timely updates and patches in systems utilizing this library.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://lists.debian.org/debian-lts-announce/2018/07/msg0...
mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/201712-02
vendor-advisoryx_refsource_GENTOO
https://github.com/xiaoqx/pocs/blob/master/opencv.md
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.