Skip to main content

Opencv CVE-2017-14136

MEDIUM
Out-of-bounds Write (CWE-787)
2017-09-04 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 04, 2017 - 23:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.

AnalysisAI

OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. Affected products include: Opencv, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Opencv

View all
CVE-2017-12606 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4

CVE-2016-1516 HIGH POC
8.8 Apr 10

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), th

CVE-2017-12601 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function

CVE-2017-12605 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function

CVE-2017-12604 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function i

CVE-2017-12603 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function

CVE-2017-12597 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1

CVE-2017-12599 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR

CVE-2017-12598 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlo

CVE-2019-14491 HIGH POC
8.2 Aug 01

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. Rated high severity (CVSS 8.2), this vulnerability

CVE-2017-12602 HIGH POC
7.5 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstr

CVE-2017-12600 HIGH POC
7.5 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrate

Share

CVE-2017-14136 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy