Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 616478 (CVE-2016-1516, CVE-2016-1517) - media-libs/opencv: multiple vulnerabilities (CVE-2016-{1516,1517})
Summary: media-libs/opencv: multiple vulnerabilities (CVE-2016-{1516,1517})
Status: RESOLVED WONTFIX
Alias: CVE-2016-1516, CVE-2016-1517
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [upstream/cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-24 11:46 UTC by Agostino Sarubbo
Modified: 2018-12-04 23:08 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-04-24 11:46:07 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1443531:

OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.
Upstream issue:
https://github.com/opencv/opencv/issues/5956


From https://bugzilla.redhat.com/show_bug.cgi?id=1443528:

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
Upstream issue:
https://github.com/opencv/opencv/issues/5956


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Amy Liffey gentoo-dev 2017-06-04 19:13:01 UTC
It seems it is only for opencv 3.0.0 and we do not have this version in tree. Can you confirm?