Lucene search

GitHub Advisory DatabaseGHSA-9G8H-PJM4-Q92P

HistoryOct 12, 2021 - 10:23 p.m.

Out-of-bounds Write in OpenCV.

2021-10-1222:23:41

CWE-787

GitHub Advisory Database

github.com

opencv 3.3.1

heap-based buffer overflow

cv::jpeg2kdecoder::readcomponent8u

crafted image file

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

36.9%

JSON

In OpenCV 3.3.1 (corresponding with OpenCV-Python 3.3.1.11), a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

Affected configurations

Vulners

Node

opencvopencv-contrib-pythonRange≤3.3.1.11

opencvopencv-pythonRange≤3.3.1.11

VendorProductVersionCPE
opencvopencv-contrib-python*cpe:2.3:a:opencv:opencv-contrib-python:*:*:*:*:*:*:*:*
opencvopencv-python*cpe:2.3:a:opencv:opencv-python:*:*:*:*:*:*:*:*