
Out-of-bounds Read in OpenCV

High severity · GitHub Reviewed · Published Oct 12, 2021 to the GitHub Advisory Database · Updated Jan 9, 2023

Package                          Affected versions    Patched versions
opencv-contrib-python (pip)      <= 3.3.1.11          3.4.1.15
opencv-python (pip)              <= 3.3.1.11          3.4.1.15

Description

In OpenCV 3.3.1 (corresponding with OpenCV-Python 3.3.1.11), a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.

References

Reviewed Oct 7, 2021
Published to the GitHub Advisory Database Oct 12, 2021
Last updated Jan 9, 2023

Severity

High (7.5 / 10)

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CVE ID

CVE-2017-18009

GHSA ID

GHSA-83rh-hx5x-q9p5

Source code
