SB2018052812 - OpenSUSE Linux update for opencv 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018052812

SB2018052812 - OpenSUSE Linux update for opencv

Published: May 28, 2018 Updated: May 31, 2018

Security Bulletin ID SB2018052812
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2017-1000450)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to integer overflow in opencv/modules/imgcodecs/src/utils.cpp when functions FillUniColor and FillUniGray do not check the input length. A remote attacker can supply specially crafted image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


2) Buffer overflow (CVE-ID: CVE-2017-17760)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to buffer overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp when an incorrect size value is used. A remote attacker can supply specially crafted image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Heap-based buffer over-read (CVE-ID: CVE-2017-18009)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer over-read in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. A remote attacker can supply specially crafted image, trigger memory corruption and cause the service to crash.

4) Heap-based buffer overflow (CVE-ID: CVE-2018-5268)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer overflow in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing malicious input. A remote attacker can supply specially crafted image, trigger memory corruption and cause the service to crash.

5) Assertion failure (CVE-ID: CVE-2018-5269)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to assertion failure in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp when incorrect integer cast. A remote attacker can supply specially crafted image and cause the service to crash.

Remediation

Install update from vendor's website.

References