Main Vulnerability Database Vulnerabilities #VU38462

Buffer overflow in Debian Linux - CVE-2017-12862

Published: August 15, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38462

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-12862

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Debian

Affected software:
Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

How to mitigate CVE-2017-12862

Install update from vendor's website.

Sources

https://github.com/opencv/opencv/issues/9370
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://security.gentoo.org/glsa/201712-02

Buffer overflow in Debian Linux - CVE-2017-12862

Detailed vulnerability description

How to mitigate CVE-2017-12862

Sources

Please verify you're human