Bug 616478 (CVE-2016-1516, CVE-2016-1517)

Summary: media-libs/opencv: multiple vulnerabilities (CVE-2016-{1516,1517})
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED WONTFIX
Severity: normal
CC: amynka, dilfridge
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [upstream/cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-04-24 11:46:07 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1443531:

OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.
Upstream issue:
https://github.com/opencv/opencv/issues/5956


From https://bugzilla.redhat.com/show_bug.cgi?id=1443528:

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
Upstream issue:
https://github.com/opencv/opencv/issues/5956


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Amy Liffey gentoo-dev 2017-06-04 19:13:01 UTC
It seems it is only for opencv 3.0.0 and we do not have this version in tree. Can you confirm?