openSUSE-SU-2018:1438-1

Published: 28 May 2018
Source: suse-cvrf

Description

Security update for opencv

This update for opencv fixes the following issues:

  • CVE-2018-5268: Fixed a heap-based buffer overflow in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. (boo#1075017)
  • CVE-2017-17760: Fixed a buffer overflow in function cv::PxMDecoder::readData (boo#1074313)
  • CVE-2017-18009: Fixed a heap-based buffer over-read in function cv::HdrDecoder::checkSignature (boo#1074312)
  • CVE-2017-1000450: Functions FillUniColor and FillUniGray do not check the input length, which could lead to out-of-bounds writes and crashes (boo#1074487)
  • CVE-2018-5269: Fixed an assertion failure in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp caused by an incorrect integer cast (bsc#1075019).

Package list

openSUSE Leap 42.3
libopencv-qt56_3-3.1.0-4.11.1
libopencv3_1-3.1.0-4.11.1
opencv-3.1.0-4.11.1
opencv-devel-3.1.0-4.11.1
opencv-doc-3.1.0-4.11.1
opencv-qt5-3.1.0-4.11.1
opencv-qt5-devel-3.1.0-4.11.1
opencv-qt5-doc-3.1.0-4.11.1
python-opencv-3.1.0-4.11.1
python-opencv-qt5-3.1.0-4.11.1
python3-opencv-3.1.0-4.11.1
python3-opencv-qt5-3.1.0-4.11.1

Description

In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.


Affected products
openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1
openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1

Description

OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.


Affected products
openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1
openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1

Description

In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.


Affected products
openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1
openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1

Description

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.


Affected products
openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1
openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1

Description

In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.


Affected products
openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1
openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-3.1.0-4.11.1
openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1
