Debian DLA-2799-1 : opencv - LTS security update

high Nessus Plugin ID 154752

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2799 advisory.

- OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. (CVE-2016-1516)

- In opencv/modules/imgcodecs/src/utils.cpp, the functions FillUniColor and FillUniGray do not check the input length, which can lead to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. (CVE-2017-1000450)

- OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. (CVE-2017-12597)

- OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. (CVE-2017-12598)

- OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. (CVE-2017-12599)

- OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case. (CVE-2017-12601)

- OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case. (CVE-2017-12603)

- OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. (CVE-2017-12604)

- OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. (CVE-2017-12605)

- OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. (CVE-2017-12606)

- In modules/imgcodecs/src/grfmt_pxm.cpp, the length of the AutoBuffer _src buffer is smaller than expected, which will cause a buffer overflow in a later copy. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. (CVE-2017-12862)

- In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. (CVE-2017-12863)

- In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function ReadNumber did not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. (CVE-2017-12864)

- OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. (CVE-2017-17760)

- In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. (CVE-2018-5268)

- In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. (CVE-2018-5269)

- An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. (CVE-2019-14493)

- An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. (CVE-2019-15939)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the opencv packages.

For Debian 9 stretch, these problems have been fixed in version 2.4.9.1+dfsg1-2+deb9u1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886282

https://security-tracker.debian.org/tracker/source-package/opencv

https://www.debian.org/lts/security/2021/dla-2799

https://security-tracker.debian.org/tracker/CVE-2016-1516

https://security-tracker.debian.org/tracker/CVE-2017-1000450

https://security-tracker.debian.org/tracker/CVE-2017-12597

https://security-tracker.debian.org/tracker/CVE-2017-12598

https://security-tracker.debian.org/tracker/CVE-2017-12599

https://security-tracker.debian.org/tracker/CVE-2017-12601

https://security-tracker.debian.org/tracker/CVE-2017-12603

https://security-tracker.debian.org/tracker/CVE-2017-12604

https://security-tracker.debian.org/tracker/CVE-2017-12605

https://security-tracker.debian.org/tracker/CVE-2017-12606

https://security-tracker.debian.org/tracker/CVE-2017-12862

https://security-tracker.debian.org/tracker/CVE-2017-12863

https://security-tracker.debian.org/tracker/CVE-2017-12864

https://security-tracker.debian.org/tracker/CVE-2017-17760

https://security-tracker.debian.org/tracker/CVE-2018-5268

https://security-tracker.debian.org/tracker/CVE-2018-5269

https://security-tracker.debian.org/tracker/CVE-2019-14493

https://security-tracker.debian.org/tracker/CVE-2019-15939

https://packages.debian.org/source/stretch/opencv

Plugin Details

Severity: High

ID: 154752

File Name: debian_DLA-2799.nasl

Version: 1.3

Type: local

Agent: unix

Published: 10/31/2021

Updated: 11/27/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-12864

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libcv-dev, p-cpe:/a:debian:debian_linux:libcv2.4, p-cpe:/a:debian:debian_linux:libcvaux-dev, p-cpe:/a:debian:debian_linux:libcvaux2.4, p-cpe:/a:debian:debian_linux:libhighgui-dev, p-cpe:/a:debian:debian_linux:libhighgui2.4, p-cpe:/a:debian:debian_linux:libopencv-calib3d-dev, p-cpe:/a:debian:debian_linux:libopencv-calib3d2.4v5, p-cpe:/a:debian:debian_linux:libopencv-contrib-dev, p-cpe:/a:debian:debian_linux:libopencv-contrib2.4v5, p-cpe:/a:debian:debian_linux:libopencv-core-dev, p-cpe:/a:debian:debian_linux:libopencv-core2.4v5, p-cpe:/a:debian:debian_linux:libopencv-dev, p-cpe:/a:debian:debian_linux:libopencv-features2d-dev, p-cpe:/a:debian:debian_linux:libopencv-features2d2.4v5, p-cpe:/a:debian:debian_linux:libopencv-flann-dev, p-cpe:/a:debian:debian_linux:libopencv-flann2.4v5, p-cpe:/a:debian:debian_linux:libopencv-gpu-dev, p-cpe:/a:debian:debian_linux:libopencv-gpu2.4v5, p-cpe:/a:debian:debian_linux:libopencv-highgui-dev, p-cpe:/a:debian:debian_linux:libopencv-highgui2.4-deb0, p-cpe:/a:debian:debian_linux:libopencv-imgproc-dev, p-cpe:/a:debian:debian_linux:libopencv-imgproc2.4v5, p-cpe:/a:debian:debian_linux:libopencv-legacy-dev, p-cpe:/a:debian:debian_linux:libopencv-legacy2.4v5, p-cpe:/a:debian:debian_linux:libopencv-ml-dev, p-cpe:/a:debian:debian_linux:libopencv-ml2.4v5, p-cpe:/a:debian:debian_linux:libopencv-objdetect-dev, p-cpe:/a:debian:debian_linux:libopencv-objdetect2.4v5, p-cpe:/a:debian:debian_linux:libopencv-ocl-dev, p-cpe:/a:debian:debian_linux:libopencv-ocl2.4v5, p-cpe:/a:debian:debian_linux:libopencv-photo-dev, p-cpe:/a:debian:debian_linux:libopencv-photo2.4v5, p-cpe:/a:debian:debian_linux:libopencv-stitching-dev, p-cpe:/a:debian:debian_linux:libopencv-stitching2.4v5, p-cpe:/a:debian:debian_linux:libopencv-superres-dev, p-cpe:/a:debian:debian_linux:libopencv-superres2.4v5, p-cpe:/a:debian:debian_linux:libopencv-ts-dev, p-cpe:/a:debian:debian_linux:libopencv-ts2.4v5, p-cpe:/a:debian:debian_linux:libopencv-video-dev, 
p-cpe:/a:debian:debian_linux:libopencv-video2.4v5, p-cpe:/a:debian:debian_linux:libopencv-videostab-dev, p-cpe:/a:debian:debian_linux:libopencv-videostab2.4v5, p-cpe:/a:debian:debian_linux:libopencv2.4-java, p-cpe:/a:debian:debian_linux:libopencv2.4-jni, p-cpe:/a:debian:debian_linux:opencv-data, p-cpe:/a:debian:debian_linux:opencv-doc, p-cpe:/a:debian:debian_linux:python-opencv, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2021

Vulnerability Publication Date: 4/10/2017

Reference Information

CVE: CVE-2016-1516, CVE-2017-1000450, CVE-2017-12597, CVE-2017-12598, CVE-2017-12599, CVE-2017-12601, CVE-2017-12603, CVE-2017-12604, CVE-2017-12605, CVE-2017-12606, CVE-2017-12862, CVE-2017-12863, CVE-2017-12864, CVE-2017-17760, CVE-2018-5268, CVE-2018-5269, CVE-2019-14493, CVE-2019-15939