
Bug 627958 (CVE-2017-12862, CVE-2017-12863, CVE-2017-12864)

Summary: <media-libs/opencv-{2.4.13-r2, 3.3.0-r1}: Multiple Denial of Service Vulnerabilities (CVE-2017-{12864,12863,12862})
Product: Gentoo Security
Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: amynka, dilfridge
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa cve blocked]
Package list:
Runtime testing required: ---
Bug Depends on: 627230    
Bug Blocks:    

Description Aleksandr Wagner (Kivak) 2017-08-15 18:49:01 UTC
CVE-2017-12864 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12864):

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not check the input length, which leads to an integer overflow. If the image is from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

References:

https://github.com/opencv/opencv/issues/9372

CVE-2017-12863 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12863):

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image is from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

References:

https://github.com/opencv/opencv/issues/9371

CVE-2017-12862 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12862):

In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is smaller than expected, which will cause a copy buffer overflow later. If the image is from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

References:

https://github.com/opencv/opencv/issues/9370
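
The overflow classes named in the three CVE entries above (an unbounded decimal parse of a header field, a row pitch computed in 32-bit arithmetic, and a buffer sized from it), written with explicit bounds checks. This is an added example, not OpenCV's code or the upstream patch; the helper names `read_number`, `row_pitch`, `image_bytes` and the limits they take are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <string>

// Hypothetical helper, not OpenCV's ReadNumber: parse one unsigned decimal
// header field starting at `pos`, rejecting anything above `max_value`.
bool read_number(const std::string& s, std::size_t& pos, int max_value, int& out) {
    while (pos < s.size()) {                 // skip whitespace and '#' comments
        char c = s[pos];
        if (c == '#') { while (pos < s.size() && s[pos] != '\n') ++pos; }
        else if (c == ' ' || c == '\t' || c == '\r' || c == '\n') ++pos;
        else break;
    }
    if (pos >= s.size() || s[pos] < '0' || s[pos] > '9') return false;
    int val = 0;
    for (; pos < s.size() && s[pos] >= '0' && s[pos] <= '9'; ++pos) {
        int digit = s[pos] - '0';
        // Test before multiplying, so val * 10 + digit can never wrap.
        if (digit > max_value || val > (max_value - digit) / 10) return false;
        val = val * 10 + digit;
    }
    out = val;
    return true;
}

// Hypothetical helper: bytes in one packed row, computed in 64 bits and
// range-checked before the value is used to size or index a buffer.
bool row_pitch(int width, int channels, int bits, std::size_t& pitch) {
    if (width <= 0 || channels < 1 || channels > 4 || bits < 1 || bits > 16)
        return false;
    std::uint64_t row_bits = static_cast<std::uint64_t>(width) * channels * bits;
    std::uint64_t bytes = (row_bits + 7) / 8;  // at most about 2^34, no wrap
    if (bytes > static_cast<std::uint64_t>(std::numeric_limits<int>::max()))
        return false;
    pitch = static_cast<std::size_t>(bytes);
    return true;
}

// Hypothetical helper: total decode buffer size, refused when it would
// exceed `max_bytes` (a limit chosen by the caller, assumed here).
bool image_bytes(int width, int height, int channels, int bits,
                 std::size_t max_bytes, std::size_t& total) {
    std::size_t pitch = 0;
    if (height <= 0 || !row_pitch(width, channels, bits, pitch)) return false;
    if (pitch > max_bytes / static_cast<std::size_t>(height)) return false;
    total = pitch * static_cast<std::size_t>(height);
    return true;
}
```
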
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-01 00:25:35 UTC
Upstream fixed:

https://github.com/opencv/opencv/pull/9383


Gentoo Security Padawan
ChrisADR
Comment 2 Amy Liffey gentoo-dev 2017-09-01 12:03:23 UTC
commit a900af241376ab156509ae9a3832dfeb332d95b7
Author: Amy Liffey <amynka@gentoo.org>
Date:   Fri Sep 1 13:34:13 2017 +0200

    media-libs/opencv: 2.4.13 add imgcodecs patch bug #627958

I will fix it for 3.x versions by version bump to 3.3.0 and applying the patch soon.
Comment 3 Amy Liffey gentoo-dev 2017-09-19 07:55:16 UTC
commit bf987cafbb90f2c798f98539141121d20ddfd796D
Author: Amy Liffey <amynka@gentoo.org>
Date:   Tue Sep 19 09:46:54 2017 +0200

    media-libs/opencv: version bump 3.3.0 bug #629534
    
    - Patch for CVEs bug #627958
    - Add required use for bug #621986
    - Version bump fixes bug #627954


Fixes for version 3.*; vulnerable versions 3.1 and 3.2 are still in tree.
Comment 4 Aleksandr Wagner (Kivak) 2017-09-20 17:09:13 UTC
Future stabilization will occur on bug 627230.
Comment 5 D'juan McDonald (domhnall) 2017-12-07 14:28:08 UTC
Added to existing GLSA request.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-12-14 17:04:25 UTC
This issue was resolved and addressed in
 GLSA 201712-02 at https://security.gentoo.org/glsa/201712-02
by GLSA coordinator Thomas Deutschmann (whissi).