Overview

File _patchinfo of Package patchinfo.8179

<patchinfo incident="8179">
  <issue tracker="bnc" id="1074313">VUL-0: CVE-2017-17760: opencv: buffer overflow in function cv::PxMDecoder::readData</issue>
  <issue tracker="bnc" id="1074312">VUL-0: CVE-2017-18009: opencv: heap-based buffer over-read in function cv::HdrDecoder::checkSignature</issue>
  <issue tracker="bnc" id="1075017">VUL-0: CVE-2018-5268: opencv:  In OpenCV 3.3.1, a heap-based buffer overflow happens incv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cppwhen parsing a crafted image file.</issue>
  <issue tracker="bnc" id="1074487">VUL-0: CVE-2017-1000450: opencv: functions FillUniColor and FillUniGray do not check the input length</issue>
  <issue id="1075019" tracker="bnc">VUL-0: CVE-2018-5269: opencv: In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos inmodules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.</issue>
  <issue tracker="cve" id="2018-5268"/>
  <issue tracker="cve" id="2017-1000450"/>
  <issue tracker="cve" id="2017-17760"/>
  <issue tracker="cve" id="2017-18009"/>
  <issue id="2018-5269" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>zhengqiang</packager>
  <description>This update for opencv fixes the following issues:

- CVE-2018-5268: Fixed a heap-based buffer overflow in incv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cppwhen parsing a crafted image file. (boo#1075017)
- CVE-2017-17760: Fixed an buffer overflow in function cv::PxMDecoder::readData (boo#1074313)
- CVE-2017-18009: Fixed a heap-based buffer over-read in function cv::HdrDecoder::checkSignature (boo#1074312)
- CVE-2017-1000450: Functions FillUniColor and FillUniGray do not check the input length which could lead to out of bounds writes and crashes (boo#1074487)
- CVE-2018-5269: Fixed an assertion failure happens in cv::RBaseStream::setPos inmodules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast (bsc#1075019).
  </description>
  <summary>Security update for opencv</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places