CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2017-1000450 — HIGH severity vulnerability | Release Alert
CVE-2017-1000450
8.8
HIGHCVSS v3
Published
January 2, 2018
CVSS v2
6.8 MEDIUM
Affected
5 projects
Assigned by
MITRE
Severity scale
010
Description
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
NuGet GalleryOpenCV (Open Source Computer Vision) is a library of programming functions for realtime computer vision. OpenCV is released under a BSD license and hence it’s free for both academic and commercial use. It has C++, C, Python and Java (Android) interfaces and supports Windows, Linux, Android, iOS and Mac OS. It has more than 2500 optimized algorithms. Adopted all around the world, OpenCV has more than 7 million downloads growing by nearly 200K/month. Usage ranges from interactive art, to mines inspection, stitching maps on the web on through advanced robotics.