In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2799 advisory.

    Several security vulnerabilities have been discovered in OpenCV, the Open Computer Vision Library. Buffer     overflows, NULL pointer dereferences and out-of-bounds write errors may lead to a denial-of-service or     other unspecified impact. For Debian 9 stretch, these problems have been fixed in version     2.4.9.1+dfsg1-2+deb9u1. We recommend that you upgrade your opencv packages. For the detailed security     status of opencv please refer to its security tracker page at: https://security-     tracker.debian.org/tracker/opencv Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Early versions of opencv have problems while reading data, which might result in either buffer overflows, out-of bounds errors or integer overflows.

Further assertion errors might happen due to incorrect integer cast.

For Debian 8 'Jessie', these problems have been fixed in version 2.4.9.1+dfsg-1+deb8u2.

We recommend that you upgrade your opencv packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for opencv fixes the following issues :

Security issues fixed :

  - CVE-2016-1516: OpenCV had a double free issue that     allowed attackers to execute arbitrary code.
    (boo#1033152)

  - CVE-2017-14136: OpenCV had an out-of-bounds write error     in the function FillColorRow1 in utils.cpp when reading     an image file by using cv::imread. NOTE: this     vulnerability exists because of an incomplete fix for     CVE-2017-12597. (boo#1057146)

  - CVE-2017-12606: OpenCV had an out-of-bounds write error     in the function FillColorRow4 in utils.cpp when reading     an image file by using cv::imread. (boo#1052451)

  - CVE-2017-12604: OpenCV had an out-of-bounds write error     in the FillUniColor function in utils.cpp when reading     an image file by using cv::imread. (boo#1052454)

  - CVE-2017-12603: OpenCV had an invalid write in the     cv::RLByteStream::getBytes function in     modules/imgcodecs/src/bitstrm.cpp when reading an image     file by using cv::imread, as demonstrated by the     2-opencv-heapoverflow-fseek test case. (boo#1052455)

  - CVE-2017-12602: OpenCV had a denial of service (memory     consumption) issue, as demonstrated by the     10-opencv-dos-memory-exhaust test case. (boo#1052456)

  - CVE-2017-12601: OpenCV had a buffer overflow in the     cv::BmpDecoder::readData function in     modules/imgcodecs/src/grfmt_bmp.cpp when reading an     image file by using cv::imread, as demonstrated by the     4-buf-overflow-readData-memcpy test case. (boo#1052457)

  - CVE-2017-12600: OpenCV had a denial of service (CPU     consumption) issue, as demonstrated by the     11-opencv-dos-cpu-exhaust test case. (boo#1052459)

  - CVE-2017-12599: OpenCV had an out-of-bounds read error     in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an     image file by using cv::imread. (boo#1052461)

  - CVE-2017-12598: OpenCV had an out-of-bounds read error     in the cv::RBaseStream::readBlock function in     modules/imgcodecs/src/bitstrm.cpp when reading an image     file by using cv::imread, as demonstrated by the     8-opencv-invalid-read-fread test case. (boo#1052462)

  - CVE-2017-12597: OpenCV had an out-of-bounds write error     in the function FillColorRow1 in utils.cpp when reading     an image file by using cv::imread. (boo#1052465)

  - CVE-2017-12864: In     opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function     ReadNumber did not checkout the input length, which lead     to integer overflow. If the image is from remote, may     lead to remote code execution or denial of service.
    (boo#1054019)

  - CVE-2017-12863: In     opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function     PxMDecoder::readData has an integer overflow when     calculate src_pitch. If the image is from remote, may     lead to remote code execution or denial of service.
    (boo#1054020)

  - CVE-2017-12862: In modules/imgcodecs/src/grfmt_pxm.cpp,     the length of buffer AutoBuffer _src is small than     expected, which will cause copy buffer overflow later.
    If the image is from remote, may lead to remote code     execution or denial of service. (boo#1054021)

  - CVE-2017-12605: OpenCV had an out-of-bounds write error     in the FillColorRow8 function in utils.cpp when reading     an image file by using cv::imread. (boo#1054984)

The remote host is affected by the vulnerability described in GLSA-201712-02 (OpenCV: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenCV. Please review       the referenced CVE identifiers for details.
  Impact :

    An attacker can cause a denial of service condition or conduct other       memory corruption attacks.
  Workaround :

    There are no known workarounds at this time.

OpenCV through version 3.3 has out-of-bounds read/write errors, buffer overflows and double free issues in different functions.

For Debian 7 'Wheezy', these problems have been fixed in version 2.3.1-11+deb7u2.

We recommend that you upgrade your opencv packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
154752	Debian DLA-2799-1 : opencv - LTS security update	Nessus	Debian Local Security Checks	high
111223	Debian DLA-1438-1 : opencv security update	Nessus	Debian Local Security Checks	high
110066	openSUSE Security Update : opencv (openSUSE-2018-492)	Nessus	SuSE Local Security Checks	high
105262	GLSA-201712-02 : OpenCV: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
103575	Debian DLA-1117-1 : opencv security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2017-12864

high

Tenable Plugins

high

high

high

high

high