Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for opencv

This update for opencv fixes the following issues:

Security issues fixed:

- CVE-2016-1516: OpenCV had a double free issue that allowed attackers to execute arbitrary code. (boo#1033152)
- CVE-2017-14136: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. (boo#1057146)
- CVE-2017-12606: OpenCV had an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. (boo#1052451)
- CVE-2017-12604: OpenCV had an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. (boo#1052454)
- CVE-2017-12603: OpenCV had an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case. (boo#1052455)
- CVE-2017-12602: OpenCV had a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. (boo#1052456)
- CVE-2017-12601: OpenCV had a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case. (boo#1052457)
- CVE-2017-12600: OpenCV had a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. (boo#1052459)
- CVE-2017-12599: OpenCV had an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. (boo#1052461)
- CVE-2017-12598: OpenCV had an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. (boo#1052462)
- CVE-2017-12597: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. (boo#1052465)
- CVE-2017-12864: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. (boo#1054019)
- CVE-2017-12863: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. (boo#1054020)
- CVE-2017-12862: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. (boo#1054021)
- CVE-2017-12605: OpenCV had an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. (boo#1054984)

Fixed bugs
bnc#1052451
VUL-0: CVE-2017-12606: opencv: out-of-bounds write error in the function FillColorRow4 in utils.cpp
bnc#1052456
VUL-0: CVE-2017-12602: opencv: denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case
bnc#1052457
VUL-0: CVE-2017-12601: opencv: buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp
bnc#1052454
VUL-0: CVE-2017-12604: opencv: out-of-bounds write error in the FillUniColor function in utils.cpp
bnc#1052455
VUL-0: CVE-2017-12603: opencv: invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp
bnc#1054984
VUL-0: CVE-2017-12605: opencv: out-of-bounds write error in the function FillColorRow8
bnc#1052459
VUL-0: CVE-2017-12600: opencv: denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case
bnc#1054021
VUL-0: CVE-2017-12862: opencv: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src issmall than expected, which will cause copy buffer overflow later. If the imageis from remote, may lead to remote code execution or denia
bnc#1054020
VUL-0: CVE-2017-12863: opencv: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData hasa integer overflow when calculate src_pitch. If the image is from remote, maylead to remote code execution or denial of service. This a
bnc#1052462
VUL-0: CVE-2017-12598: opencv: out-of-bounds read error in the cv::RBaseStream::readBlock function
bnc#1052461
VUL-0: CVE-2017-12599: opencv: out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R
bnc#1054019
VUL-0: CVE-2017-12864: opencv: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did notcheckout the input length, which lead to integer overflow. If the image is fromremote, may lead to remote code execution or denial of service
bnc#1052465
VUL-0: CVE-2017-12597: opencv: out-of-bounds write error in the function FillColorRow1 in utils.cpp
bnc#1057146
VUL-0: CVE-2017-14136: opencv: out-of-bounds write error in the function FillColorRow1 in utils.cpp
bnc#1033152
VUL-0: CVE-2016-1516: opencv: double free issue that allows attackers to execute arbitrary code
CVE-2017-14136
CVE-2017-12862
CVE-2016-1516
CVE-2017-12606
CVE-2017-12597
CVE-2017-12604
CVE-2017-12605
CVE-2017-12602
CVE-2017-12603
CVE-2017-12600
CVE-2017-12601
CVE-2017-12864
CVE-2017-12863
CVE-2017-12598
CVE-2017-12599
Selected Binaries
openSUSE Build Service is sponsored by
Places