Skip to main content

Opencv CVE-2018-5268

MEDIUM
Out-of-bounds Write (CWE-787)
2018-01-08 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 08, 2018 - 05:29 nvd
MEDIUM 5.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 3 pypi packages depend on opencv-python (3 direct, 0 indirect)

Ecosystem-wide dependent count for version 3.4.1.15.

DescriptionNVD

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

AnalysisAI

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. Affected products include: Opencv, Debian Debian Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Opencv

View all
CVE-2017-12606 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4

CVE-2016-1516 HIGH POC
8.8 Apr 10

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), th

CVE-2017-12601 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function

CVE-2017-12605 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function

CVE-2017-12604 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function i

CVE-2017-12603 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function

CVE-2017-12597 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1

CVE-2017-12599 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR

CVE-2017-12598 HIGH POC
8.8 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlo

CVE-2019-14491 HIGH POC
8.2 Aug 01

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. Rated high severity (CVSS 8.2), this vulnerability

CVE-2017-12602 HIGH POC
7.5 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstr

CVE-2017-12600 HIGH POC
7.5 Aug 07

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrate

Share

CVE-2018-5268 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy