Security update for opencv SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1438-1 Final 1 1 2018-05-28T05:45:07Z current 2018-05-28T05:45:07Z 2018-05-28T05:45:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opencv This update for opencv fixes the following issues: - CVE-2018-5268: Fixed a heap-based buffer overflow in incv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cppwhen parsing a crafted image file. (boo#1075017) - CVE-2017-17760: Fixed an buffer overflow in function cv::PxMDecoder::readData (boo#1074313) - CVE-2017-18009: Fixed a heap-based buffer over-read in function cv::HdrDecoder::checkSignature (boo#1074312) - CVE-2017-1000450: Functions FillUniColor and FillUniGray do not check the input length which could lead to out of bounds writes and crashes (boo#1074487) - CVE-2018-5269: Fixed an assertion failure happens in cv::RBaseStream::setPos inmodules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast (bsc#1075019). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00106.html E-Mail link for openSUSE-SU-2018:1438-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libopencv-qt56_3-3.1.0-4.11.1 libopencv3_1-3.1.0-4.11.1 opencv-3.1.0-4.11.1 opencv-devel-3.1.0-4.11.1 opencv-doc-3.1.0-4.11.1 opencv-qt5-3.1.0-4.11.1 opencv-qt5-devel-3.1.0-4.11.1 opencv-qt5-doc-3.1.0-4.11.1 python-opencv-3.1.0-4.11.1 python-opencv-qt5-3.1.0-4.11.1 python3-opencv-3.1.0-4.11.1 python3-opencv-qt5-3.1.0-4.11.1 libopencv-qt56_3-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 libopencv3_1-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 opencv-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 opencv-devel-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 opencv-doc-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 opencv-qt5-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 opencv-qt5-devel-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 opencv-qt5-doc-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 python-opencv-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 python-opencv-qt5-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 python3-opencv-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 python3-opencv-qt5-3.1.0-4.11.1 as a component of openSUSE Leap 42.3 In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. CVE-2017-1000450 openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1 openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-doc-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-doc-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-qt5-3.1.0-4.11.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00106.html https://www.suse.com/security/cve/CVE-2017-1000450.html CVE-2017-1000450 https://bugzilla.suse.com/1074487 SUSE Bug 1074487 OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. CVE-2017-17760 openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1 openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-doc-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-doc-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-qt5-3.1.0-4.11.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00106.html https://www.suse.com/security/cve/CVE-2017-17760.html CVE-2017-17760 https://bugzilla.suse.com/1074313 SUSE Bug 1074313 In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. CVE-2017-18009 openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1 openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-doc-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-doc-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-qt5-3.1.0-4.11.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00106.html https://www.suse.com/security/cve/CVE-2017-18009.html CVE-2017-18009 https://bugzilla.suse.com/1074312 SUSE Bug 1074312 In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. CVE-2018-5268 openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1 openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-doc-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-doc-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-qt5-3.1.0-4.11.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00106.html https://www.suse.com/security/cve/CVE-2018-5268.html CVE-2018-5268 https://bugzilla.suse.com/1075017 SUSE Bug 1075017 In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. CVE-2018-5269 openSUSE Leap 42.3:libopencv-qt56_3-3.1.0-4.11.1 openSUSE Leap 42.3:libopencv3_1-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-doc-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-devel-3.1.0-4.11.1 openSUSE Leap 42.3:opencv-qt5-doc-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python-opencv-qt5-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-3.1.0-4.11.1 openSUSE Leap 42.3:python3-opencv-qt5-3.1.0-4.11.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00106.html https://www.suse.com/security/cve/CVE-2018-5269.html CVE-2018-5269 https://bugzilla.suse.com/1075019 SUSE Bug 1075019