CVE-2018-5268 - In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modul

CVE-2018-5268

Summary

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

References

Vulnerable Configurations

cpe:2.3:a:opencv:opencv:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:opencv:opencv:3.3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 30-11-2021 - 18:55)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	106945
misc	https://github.com/opencv/opencv/issues/10541
mlist	[debian-lts-announce] 20180418 [SECURITY] [DLA 1354-1] opencv security update [debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update

Last major update

30-11-2021 - 18:55

Published

08-01-2018 - 05:29

Last modified

30-11-2021 - 18:55