CVE-2017-1000450 — HIGH (8.8)

Q: How severe is CVE-2017-1000450?

CVE-2017-1000450 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-1000450?

Check the references section above for vendor advisories and patch information. Affected products include: Opencv Opencv, Debian Debian Linux.

Vulnerability Description

In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opencv	Opencv	<= 3.3.0
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-190

References

https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColorExploitThird Party Advisory
https://github.com/opencv/opencv/issues/9723ExploitIssue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00008.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.htmlMailing ListThird Party Advisory
https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColorExploitThird Party Advisory
https://github.com/opencv/opencv/issues/9723ExploitIssue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00008.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2017-1000450?

CVE-2017-1000450 is a vulnerability with a CVSS score of 8.8 (HIGH). In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote cod...

How severe is CVE-2017-1000450?

CVE-2017-1000450 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-1000450?

Check the references section above for vendor advisories and patch information. Affected products include: Opencv Opencv, Debian Debian Linux.