CVE-2017-1000450 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-1000450 Interim 1 14 2023-12-09T00:57:11Z current 2021-05-30T14:06:28Z 2023-12-09T00:57:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-1000450 In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FZA5SRBQE625ARA3NW736BFDCR3ROHBB/#FZA5SRBQE625ARA3NW736BFDCR3ROHBB E-Mail link for openSUSE-SU-2018:1438-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 libopencv3_3 opencv opencv-devel libopencv3_3 as a component of SUSE Linux Enterprise Workstation Extension 15 opencv as a component of SUSE Linux Enterprise Workstation Extension 15 opencv-devel as a component of SUSE Linux Enterprise Workstation Extension 15 In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. CVE-2017-1000450 SUSE Linux Enterprise Workstation Extension 15:libopencv3_3 SUSE Linux Enterprise Workstation Extension 15:opencv SUSE Linux Enterprise Workstation Extension 15:opencv-devel important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H