{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-1000450","title":"Title"},{"category":"description","text":"In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-1000450","url":"https://www.suse.com/security/cve/CVE-2017-1000450"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1074487 for CVE-2017-1000450","url":"https://bugzilla.suse.com/1074487"},{"category":"external","summary":"Advisory link for openSUSE-SU-2018:1438-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FZA5SRBQE625ARA3NW736BFDCR3ROHBB/#FZA5SRBQE625ARA3NW736BFDCR3ROHBB"}],"title":"SUSE CVE CVE-2017-1000450","tracking":{"current_release_date":"2025-10-07T10:07:55Z","generator":{"date":"2023-02-15T04:34:56Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-1000450","initial_release_date":"2023-02-15T04:34:56Z","revision_history":[{"date":"2023-02-15T04:34:56Z","number":"2","summary":"Current version"},{"date":"2023-12-08T04:17:07Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:00:23Z","number":"4","summary":"Current version"},{"date":"2025-01-01T08:10:09Z","number":"5","summary":"Current version"},{"date":"2025-02-18T07:21:30Z","number":"6","summary":"Current version"},{"date":"2025-03-14T04:22:47Z","number":"7","summary":"Current version"},{"date":"2025-03-15T12:48:27Z","number":"8","summary":"Current version"},{"date":"2025-04-25T07:28:15Z","number":"9","summary":"Current version"},{"date":"2025-10-07T10:07:55Z","number":"10","summary":"Current version"}],"status":"interim","version":"10"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15","product":{"name":"SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15","product":{"name":"SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Workstation Extension 15","product":{"name":"SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-we:15"}}},{"category":"product_version","name":"libopencv3_3","product":{"name":"libopencv3_3","product_id":"libopencv3_3","product_identification_helper":{"cpe":"cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/libopencv3_3@?upstream=opencv.src.rpm"}}},{"category":"product_version","name":"opencv","product":{"name":"opencv","product_id":"opencv","product_identification_helper":{"cpe":"cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/opencv@?upstream=opencv.src.rpm"}}},{"category":"product_version","name":"opencv-devel","product":{"name":"opencv-devel","product_id":"opencv-devel","product_identification_helper":{"cpe":"cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/opencv-devel@?upstream=opencv.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libopencv3_3 as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:libopencv3_3"},"product_reference":"libopencv3_3","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"opencv as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:opencv"},"product_reference":"opencv","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"opencv-devel as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:opencv-devel"},"product_reference":"opencv-devel","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"libopencv3_3 as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:libopencv3_3"},"product_reference":"libopencv3_3","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"opencv as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:opencv"},"product_reference":"opencv","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"opencv-devel as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:opencv-devel"},"product_reference":"opencv-devel","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"libopencv3_3 as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:libopencv3_3"},"product_reference":"libopencv3_3","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"opencv as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:opencv"},"product_reference":"opencv","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"opencv-devel as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:opencv-devel"},"product_reference":"opencv-devel","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"libopencv3_3 as component of SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15:libopencv3_3"},"product_reference":"libopencv3_3","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15"},{"category":"default_component_of","full_product_name":{"name":"opencv as component of SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15:opencv"},"product_reference":"opencv","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15"},{"category":"default_component_of","full_product_name":{"name":"opencv-devel as component of SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15:opencv-devel"},"product_reference":"opencv-devel","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15"}]},"vulnerabilities":[{"cve":"CVE-2017-1000450","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-1000450"}],"notes":[{"category":"general","text":"In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Desktop 15:libopencv3_3","SUSE Linux Enterprise Desktop 15:opencv","SUSE Linux Enterprise Desktop 15:opencv-devel","SUSE Linux Enterprise Server 15:libopencv3_3","SUSE Linux Enterprise Server 15:opencv","SUSE Linux Enterprise Server 15:opencv-devel","SUSE Linux Enterprise Server for SAP Applications 15:libopencv3_3","SUSE Linux Enterprise Server for SAP Applications 15:opencv","SUSE Linux Enterprise Server for SAP Applications 15:opencv-devel","SUSE Linux Enterprise Workstation Extension 15:libopencv3_3","SUSE Linux Enterprise Workstation Extension 15:opencv","SUSE Linux Enterprise Workstation Extension 15:opencv-devel"]},"references":[{"category":"external","summary":"CVE-2017-1000450","url":"https://www.suse.com/security/cve/CVE-2017-1000450"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1074487 for CVE-2017-1000450","url":"https://bugzilla.suse.com/1074487"},{"category":"external","summary":"Advisory link for openSUSE-SU-2018:1438-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FZA5SRBQE625ARA3NW736BFDCR3ROHBB/#FZA5SRBQE625ARA3NW736BFDCR3ROHBB"}],"threats":[{"category":"impact","date":"2018-01-02T19:20:35Z","details":"important"}],"title":"CVE-2017-1000450"}]}