File _patchinfo of Package patchinfo.8121
<patchinfo incident="8121">
  <issue tracker="bnc" id="1052451">VUL-0: CVE-2017-12606: opencv: out-of-bounds write error in the function FillColorRow4 in utils.cpp</issue>
  <issue tracker="bnc" id="1052456">VUL-0: CVE-2017-12602: opencv: denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case</issue>
  <issue tracker="bnc" id="1052457">VUL-0: CVE-2017-12601: opencv: buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp</issue>
  <issue tracker="bnc" id="1052454">VUL-0: CVE-2017-12604: opencv: out-of-bounds write error in the FillUniColor function in utils.cpp</issue>
  <issue tracker="bnc" id="1052455">VUL-0: CVE-2017-12603: opencv: invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp</issue>
  <issue tracker="bnc" id="1054984">VUL-0: CVE-2017-12605: opencv: out-of-bounds write error in the function FillColorRow8</issue>
  <issue tracker="bnc" id="1052459">VUL-0: CVE-2017-12600: opencv: denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case</issue>
  <issue tracker="bnc" id="1054021">VUL-0: CVE-2017-12862: opencv: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denia</issue>
  <issue tracker="bnc" id="1054020">VUL-0: CVE-2017-12863: opencv: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has a integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This a</issue>
  <issue tracker="bnc" id="1052462">VUL-0: CVE-2017-12598: opencv: out-of-bounds read error in the cv::RBaseStream::readBlock function</issue>
  <issue tracker="bnc" id="1052461">VUL-0: CVE-2017-12599: opencv: out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R</issue>
  <issue tracker="bnc" id="1054019">VUL-0: CVE-2017-12864: opencv: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service</issue>
  <issue tracker="bnc" id="1052465">VUL-0: CVE-2017-12597: opencv: out-of-bounds write error in the function FillColorRow1 in utils.cpp</issue>
  <issue tracker="bnc" id="1057146">VUL-0: CVE-2017-14136: opencv: out-of-bounds write error in the function FillColorRow1 in utils.cpp</issue>
  <issue tracker="bnc" id="1033152">VUL-0: CVE-2016-1516: opencv: double free issue that allows attackers to execute arbitrary code</issue>
  <issue tracker="cve" id="2017-14136"/>
  <issue tracker="cve" id="2017-12862"/>
  <issue tracker="cve" id="2016-1516"/>
  <issue tracker="cve" id="2017-12606"/>
  <issue tracker="cve" id="2017-12597"/>
  <issue tracker="cve" id="2017-12604"/>
  <issue tracker="cve" id="2017-12605"/>
  <issue tracker="cve" id="2017-12602"/>
  <issue tracker="cve" id="2017-12603"/>
  <issue tracker="cve" id="2017-12600"/>
  <issue tracker="cve" id="2017-12601"/>
  <issue tracker="cve" id="2017-12864"/>
  <issue tracker="cve" id="2017-12863"/>
  <issue tracker="cve" id="2017-12598"/>
  <issue tracker="cve" id="2017-12599"/>
  <category>security</category>
  <rating>important</rating>
  <packager>zhengqiang</packager>
  <description>This update for opencv fixes the following issues:

Security issues fixed:

- CVE-2016-1516: OpenCV had a double free issue that allowed attackers to execute arbitrary code. (boo#1033152)
- CVE-2017-14136: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. (boo#1057146)
- CVE-2017-12606: OpenCV had an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. (boo#1052451)
- CVE-2017-12604: OpenCV had an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. (boo#1052454)
- CVE-2017-12603: OpenCV had an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case. (boo#1052455)
- CVE-2017-12602: OpenCV had a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. (boo#1052456)
- CVE-2017-12601: OpenCV had a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case. (boo#1052457)
- CVE-2017-12600: OpenCV had a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. (boo#1052459)
- CVE-2017-12599: OpenCV had an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. (boo#1052461)
- CVE-2017-12598: OpenCV had an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. (boo#1052462)
- CVE-2017-12597: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. (boo#1052465)
- CVE-2017-12864: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function ReadNumber did not check the input length, which led to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. (boo#1054019)
- CVE-2017-12863: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image comes from a remote source, this may lead to remote code execution or denial of service. (boo#1054020)
- CVE-2017-12862: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of the AutoBuffer _src buffer is smaller than expected, which will cause a buffer overflow during a later copy. If the image comes from a remote source, this may lead to remote code execution or denial of service. (boo#1054021)
- CVE-2017-12605: OpenCV had an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. (boo#1054984)
</description>
  <summary>Security update for opencv</summary>
</patchinfo>