CVE-2017-1000450

HIGH

OpenCV < 3.3.0 - Integer Overflow in FillUniColor and FillUniGray

Title source: llm

Description

In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

References (5)

Core 5

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html

Exploit, Third Party Advisory x_refsource_misc

https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor

View Exploit ZIP pw:eip

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/opencv/opencv/issues/9723

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html

Scores

CVSS v3 8.8

EPSS 0.0323

EPSS Percentile 86.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (6)

debian/debian_linux 7.0

debian/debian_linux 8.0

debian/debian_linux 9.0

opencv/opencv < 3.3.0

pypi/opencv-contrib-python 0 - 3.3.1.11PyPI

pypi/opencv-python 0 - 3.3.1.11PyPI

Published Jan 02, 2018

Tracked Since Feb 18, 2026