Vulnerability Description
OpenCV 3.3.1 has a buffer overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp (the PBM/PGM/PPM decoder under modules/imgcodecs), because an incorrect size value is used when the pixel data is read. A crafted PxM image decoded by an application that accepts untrusted images can therefore trigger an out-of-bounds access and crash the process; the CVSS vector below scores availability impact only.
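To make the bug class concrete, the following is an added example (not OpenCV's decoder and not the patched code from the referenced pull request): a minimal in-memory parser for binary P5/P6 headers, a naive pixel-buffer size computation that assumes one byte per sample, and a checked version that derives the sample width from maxval and guards every multiplication. The function names, the struct and the sample image bytes are all constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <ctype.h>

/* Illustrative PxM (P5 = PGM, P6 = PPM, binary) header model; hypothetical, not OpenCV's. */
typedef struct {
    int channels;        /* 1 for P5, 3 for P6 */
    unsigned width, height, maxval;
    size_t data_offset;  /* offset of the first pixel byte in the buffer */
} pxm_hdr;

/* Multiply two sizes; return 0 (and leave *out untouched) if the product would overflow. */
static int mul_ok(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* The error class: one byte per sample is assumed, so a maxval > 255 image (two bytes
   per sample) yields a buffer half the size actually needed by the pixel data. */
size_t pxm_bytes_naive(const pxm_hdr *h) {
    return (size_t)h->width * h->height * h->channels;
}

/* Checked computation: bytes per sample follows maxval, and both products are overflow-checked.
   Returns 0 on overflow or on a degenerate image; 0 is never a valid non-empty size. */
size_t pxm_bytes_checked(const pxm_hdr *h) {
    size_t bps = h->maxval > 255 ? 2 : 1;
    size_t pitch, total;
    if (h->width == 0 || h->height == 0 || h->channels == 0) return 0;
    if (!mul_ok(h->width, (size_t)h->channels * bps, &pitch)) return 0;
    if (!mul_ok(pitch, h->height, &total)) return 0;
    return total;
}

/* Parse "P5"/"P6", then width, height, maxval separated by whitespace, then exactly one
   whitespace byte before the pixel data. Comment lines ('#') are not handled here.
   Returns 1 on success, 0 on malformed input. */
int pxm_parse_header(const unsigned char *buf, size_t len, pxm_hdr *h) {
    size_t pos;
    unsigned vals[3];
    if (len < 2 || buf[0] != 'P' || (buf[1] != '5' && buf[1] != '6')) return 0;
    h->channels = buf[1] == '5' ? 1 : 3;
    pos = 2;
    for (int i = 0; i < 3; i++) {
        unsigned long v = 0;
        int digits = 0;
        while (pos < len && isspace(buf[pos])) pos++;
        while (pos < len && isdigit(buf[pos])) {
            v = v * 10 + (buf[pos] - '0');
            if (v > 0xFFFFFFFFUL) return 0;   /* reject absurd dimensions early */
            pos++;
            digits++;
        }
        if (digits == 0) return 0;
        vals[i] = (unsigned)v;
    }
    if (pos >= len || !isspace(buf[pos])) return 0;
    pos++;
    h->width = vals[0];
    h->height = vals[1];
    h->maxval = vals[2];
    if (h->maxval == 0 || h->maxval > 65535) return 0;
    h->data_offset = pos;
    return 1;
}

/* Whole-file check: header parses, the size computes without overflow, and the buffer really
   contains that many pixel bytes. Returns the pixel byte count, or 0 if the file must be rejected. */
size_t pxm_validate(const unsigned char *buf, size_t len) {
    pxm_hdr h;
    size_t need;
    if (!pxm_parse_header(buf, len, &h)) return 0;
    need = pxm_bytes_checked(&h);
    if (need == 0 || len - h.data_offset < need) return 0;
    return need;
}

/* Constructed sample: a 2x2 16-bit PGM (maxval 65535), 13 header bytes + 8 pixel bytes. */
const unsigned char SAMPLE_16BIT[] =
    "P5\n2 2\n65535\n\x12\x34\x56\x78\x9a\xbc\xde\xf0";

int main(void) {
    size_t n = sizeof(SAMPLE_16BIT) - 1;   /* drop the string terminator */
    pxm_hdr h;
    if (pxm_parse_header(SAMPLE_16BIT, n, &h))
        printf("naive=%zu checked=%zu valid=%zu\n",
               pxm_bytes_naive(&h), pxm_bytes_checked(&h), pxm_validate(SAMPLE_16BIT, n));
    return 0;
}
```

For the sample image the naive computation returns 4 while the pixel data is 8 bytes long; a decoder that allocates the naive size and then copies the declared width*height samples overruns the buffer, which is the shape of error the description above refers to. The same validate-before-allocate pattern also rejects a header whose dimensions overflow size_t and a file whose pixel section is shorter than the header promises.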
CVSS Score
6.5 (MEDIUM)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
The vector reads: network attack vector, low attack complexity, no privileges required, user interaction required (a victim must open or process the crafted image), unchanged scope, no confidentiality or integrity impact, high availability impact.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenCV | OpenCV | 3.3.1 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102974 (Third Party Advisory, VDB Entry)
- https://github.com/opencv/opencv/issues/10351 (Issue Tracking, Third Party Advisory)
- https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a (Issue Tracking, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html (Mailing List, Third Party Advisory)
FAQ
What is CVE-2017-17760?
CVE-2017-17760 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
How severe is CVE-2017-17760?
CVE-2017-17760 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17760?
Yes. The OpenCV pull request listed in the references above is tagged as the patch, and the Debian LTS announcements cover the updated Debian packages. Affected products are OpenCV 3.3.1 and Debian Linux (see the affected products table above).