Detections
Analytics
openSUSE Security Update : opencv (openSUSE-2018-492)
high Nessus Plugin ID 110066
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for opencv fixes the following issues :Security issues fixed :
- CVE-2016-1516: OpenCV had a double free issue that allowed attackers to execute arbitrary code.
(boo#1033152)
- CVE-2017-14136: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. (boo#1057146)
- CVE-2017-12606: OpenCV had an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. (boo#1052451)
- CVE-2017-12604: OpenCV had an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. (boo#1052454)
- CVE-2017-12603: OpenCV had an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case. (boo#1052455)
- CVE-2017-12602: OpenCV had a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. (boo#1052456)
- CVE-2017-12601: OpenCV had a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case. (boo#1052457)
- CVE-2017-12600: OpenCV had a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. (boo#1052459)
- CVE-2017-12599: OpenCV had an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. (boo#1052461)
- CVE-2017-12598: OpenCV had an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. (boo#1052462)
- CVE-2017-12597: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. (boo#1052465)
- CVE-2017-12864: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service.
(boo#1054019)
- CVE-2017-12863: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service.
(boo#1054020)
- CVE-2017-12862: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later.
If the image is from remote, may lead to remote code execution or denial of service. (boo#1054021)
- CVE-2017-12605: OpenCV had an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. (boo#1054984)
Solution
Update the affected opencv packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1033152
https://bugzilla.opensuse.org/show_bug.cgi?id=1052451
https://bugzilla.opensuse.org/show_bug.cgi?id=1052454
https://bugzilla.opensuse.org/show_bug.cgi?id=1052455
https://bugzilla.opensuse.org/show_bug.cgi?id=1052456
https://bugzilla.opensuse.org/show_bug.cgi?id=1052457
https://bugzilla.opensuse.org/show_bug.cgi?id=1052459
https://bugzilla.opensuse.org/show_bug.cgi?id=1052461
https://bugzilla.opensuse.org/show_bug.cgi?id=1052462
https://bugzilla.opensuse.org/show_bug.cgi?id=1052465
https://bugzilla.opensuse.org/show_bug.cgi?id=1054019
https://bugzilla.opensuse.org/show_bug.cgi?id=1054020
https://bugzilla.opensuse.org/show_bug.cgi?id=1054021
Plugin Details
Severity: High
ID: 110066
File Name: openSUSE-2018-492.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/24/2018
Updated: 10/3/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-12864
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:opencv-devel, p-cpe:/a:novell:opensuse:python-opencv-qt5, p-cpe:/a:novell:opensuse:python3-opencv-debuginfo, p-cpe:/a:novell:opensuse:libopencv3_1-debuginfo, p-cpe:/a:novell:opensuse:python-opencv-debuginfo, p-cpe:/a:novell:opensuse:opencv-qt5-debuginfo, p-cpe:/a:novell:opensuse:python-opencv-qt5-debuginfo, p-cpe:/a:novell:opensuse:python3-opencv, p-cpe:/a:novell:opensuse:python3-opencv-qt5, p-cpe:/a:novell:opensuse:libopencv-qt56_3, p-cpe:/a:novell:opensuse:opencv-qt5, p-cpe:/a:novell:opensuse:opencv-qt5-debugsource, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:opencv-debugsource, p-cpe:/a:novell:opensuse:opencv, p-cpe:/a:novell:opensuse:libopencv3_1, p-cpe:/a:novell:opensuse:python-opencv, p-cpe:/a:novell:opensuse:opencv-debuginfo, p-cpe:/a:novell:opensuse:opencv-qt5-devel, p-cpe:/a:novell:opensuse:libopencv-qt56_3-debuginfo, p-cpe:/a:novell:opensuse:python3-opencv-qt5-debuginfo
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/23/2018
Reference Information
CVE: CVE-2016-1516, CVE-2017-12597, CVE-2017-12598, CVE-2017-12599, CVE-2017-12600, CVE-2017-12601, CVE-2017-12602, CVE-2017-12603, CVE-2017-12604, CVE-2017-12605, CVE-2017-12606, CVE-2017-12862, CVE-2017-12863, CVE-2017-12864, CVE-2017-14136