Main Vulnerability Database Vulnerabilities #VU38464

Integer overflow in Debian Linux - CVE-2017-12864

Published: August 15, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38464

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-12864

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Debian

Affected software:
Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

How to mitigate CVE-2017-12864

Install update from vendor's website.

Sources

https://github.com/opencv/opencv/issues/9372
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://security.gentoo.org/glsa/201712-02

Integer overflow in Debian Linux - CVE-2017-12864

Detailed vulnerability description

How to mitigate CVE-2017-12864

Sources

Please verify you're human