Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remote code execution via heap corruption #5956

Closed
rstevens70 opened this issue Jan 13, 2016 · 8 comments
Closed

Remote code execution via heap corruption #5956

rstevens70 opened this issue Jan 13, 2016 · 8 comments

Comments

@rstevens70
Copy link

We've isolated a couple bugs that could allow an attacker to achieve remote code execution on a victim's machine when processing an infected image with OpenCV.

We have more details and would like to responsibly disclose this to a lead developer.

Known vulnerable versions: Linux, OpenCV 3.0.0. Unverified but most likely works on all versions.

@mshabunin mshabunin added the question (invalid tracker) ask questions and other "no action" items here: https://forum.opencv.org label Jan 17, 2016
@mshabunin
Copy link
Contributor

Please, send the details to admin@opencv.org

@rstevens70
Copy link
Author

Will do. For record keeping, the two vulnerabilities now have CVE-IDs:
CVE-2016-1516
CVE-2016-1517

@carnil
Copy link

carnil commented Apr 12, 2017

Are there fixing commits available for those two issues?

@mshabunin mshabunin added RFC and removed question (invalid tracker) ask questions and other "no action" items here: https://forum.opencv.org labels Apr 14, 2017
@vpisarev vpisarev self-assigned this May 15, 2017
@vpisarev
Copy link
Contributor

hello! I've checked https://arxiv.org/pdf/1701.04739.pdf and https://www.flickr.com/photos/138669175@N07/albums/72157662415158985.

Cannot reproduce the problem. We need more clear specification on where the bug is

@carnil
Copy link

carnil commented Jun 28, 2017

@rstevens70 Any news on those?

@rhertzog
Copy link

@mshabunin Did you receive any actionable data on admin@opencv.org ?

@rstevens70 Since you requested CVE, I think it's up to you to provide the required data/information so that @vpisarev is able to understand the issue and fix it. Can you at least share the reproducer files ?

@mshabunin
Copy link
Contributor

@rhertzog , yes we've received 3 sample files, in current version all three cases are handled correctly - an exception is raised.

This issue has been fixed in #9376 along with several others.

@sergiomb2
Copy link
Contributor

Could you release um bugfix release ? I see almost 10 CVE(s) [1]

[1]
https://github.com/opencv/opencv/issues?q=label%3A%22category%3A+vulnerability%22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

6 participants