This update for opencv fixes the following issues :

Security issues fixed :

  - CVE-2016-1516: OpenCV had a double free issue that     allowed attackers to execute arbitrary code.
    (boo#1033152)

  - CVE-2017-14136: OpenCV had an out-of-bounds write error     in the function FillColorRow1 in utils.cpp when reading     an image file by using cv::imread. NOTE: this     vulnerability exists because of an incomplete fix for     CVE-2017-12597. (boo#1057146)

  - CVE-2017-12606: OpenCV had an out-of-bounds write error     in the function FillColorRow4 in utils.cpp when reading     an image file by using cv::imread. (boo#1052451)

  - CVE-2017-12604: OpenCV had an out-of-bounds write error     in the FillUniColor function in utils.cpp when reading     an image file by using cv::imread. (boo#1052454)

  - CVE-2017-12603: OpenCV had an invalid write in the     cv::RLByteStream::getBytes function in     modules/imgcodecs/src/bitstrm.cpp when reading an image     file by using cv::imread, as demonstrated by the     2-opencv-heapoverflow-fseek test case. (boo#1052455)

  - CVE-2017-12602: OpenCV had a denial of service (memory     consumption) issue, as demonstrated by the     10-opencv-dos-memory-exhaust test case. (boo#1052456)

  - CVE-2017-12601: OpenCV had a buffer overflow in the     cv::BmpDecoder::readData function in     modules/imgcodecs/src/grfmt_bmp.cpp when reading an     image file by using cv::imread, as demonstrated by the     4-buf-overflow-readData-memcpy test case. (boo#1052457)

  - CVE-2017-12600: OpenCV had a denial of service (CPU     consumption) issue, as demonstrated by the     11-opencv-dos-cpu-exhaust test case. (boo#1052459)

  - CVE-2017-12599: OpenCV had an out-of-bounds read error     in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an     image file by using cv::imread. (boo#1052461)

  - CVE-2017-12598: OpenCV had an out-of-bounds read error     in the cv::RBaseStream::readBlock function in     modules/imgcodecs/src/bitstrm.cpp when reading an image     file by using cv::imread, as demonstrated by the     8-opencv-invalid-read-fread test case. (boo#1052462)

  - CVE-2017-12597: OpenCV had an out-of-bounds write error     in the function FillColorRow1 in utils.cpp when reading     an image file by using cv::imread. (boo#1052465)

  - CVE-2017-12864: In     opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function     ReadNumber did not checkout the input length, which lead     to integer overflow. If the image is from remote, may     lead to remote code execution or denial of service.
    (boo#1054019)

  - CVE-2017-12863: In     opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function     PxMDecoder::readData has an integer overflow when     calculate src_pitch. If the image is from remote, may     lead to remote code execution or denial of service.
    (boo#1054020)

  - CVE-2017-12862: In modules/imgcodecs/src/grfmt_pxm.cpp,     the length of buffer AutoBuffer _src is small than     expected, which will cause copy buffer overflow later.
    If the image is from remote, may lead to remote code     execution or denial of service. (boo#1054021)

  - CVE-2017-12605: OpenCV had an out-of-bounds write error     in the FillColorRow8 function in utils.cpp when reading     an image file by using cv::imread. (boo#1054984)

Detections

Analytics

openSUSE Security Update : opencv (openSUSE-2018-492)

high Nessus Plugin ID 110066

Version 1.4