627958 – (CVE-2017-12862, CVE-2017-12863, CVE-2017-12864) <media-libs/opencv-{2.4.13-r2, 3.3.0-r1}: Multiple Denial of Service Vulnerabilities (CVE-2017-{12864,12863,12862})

Bug 627958 (CVE-2017-12862, CVE-2017-12863, CVE-2017-12864) - <media-libs/opencv-{2.4.13-r2, 3.3.0-r1}: Multiple Denial of Service Vulnerabilities (CVE-2017-{12864,12863,12862})

Summary: <media-libs/opencv-{2.4.13-r2, 3.3.0-r1}: Multiple Denial of Service Vulnerab...

Status:	RESOLVED FIXED

Alias:	CVE-2017-12862, CVE-2017-12863, CVE-2017-12864

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa cve blocked]
Keywords:

Depends on:	CVE-2017-12597, CVE-2017-12598, CVE-2017-12599, CVE-2017-12600, CVE-2017-12601, CVE-2017-12602, CVE-2017-12603, CVE-2017-12604, CVE-2017-12605, CVE-2017-12606, CVE-2017-14136
Blocks:
	Show dependency tree

Reported:	2017-08-15 18:49 UTC by Aleksandr Wagner (Kivak)
Modified:	2017-12-14 17:04 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aleksandr Wagner (Kivak) 2017-08-15 18:49:01 UTC

CVE-2017-12864 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12864):

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. 

References:

https://github.com/opencv/opencv/issues/9372

CVE-2017-12863 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12863):

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has a integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. 

References:

https://github.com/opencv/opencv/issues/9371

CVE-2017-12862 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12862):

In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. 

References:

https://github.com/opencv/opencv/issues/9370

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-09-01 00:25:35 UTC

Upstream fixed:

https://github.com/opencv/opencv/pull/9383


Gentoo Security Padawan
ChrisADR

Comment 2 Amy Liffey gentoo-dev

2017-09-01 12:03:23 UTC

commit a900af241376ab156509ae9a3832dfeb332d95b7
Author: Amy Liffey <amynka@gentoo.org>
Date:   Fri Sep 1 13:34:13 2017 +0200

    media-libs/opencv: 2.4.13 add imgcodecs patch bug #627958

I will fix it for 3.x versions by version bump to 3.3.0 and applying the patch soon.

Comment 3 Amy Liffey gentoo-dev

2017-09-19 07:55:16 UTC

commit bf987cafbb90f2c798f98539141121d20ddfd796D
Author: Amy Liffey <amynka@gentoo.org>
Date:   Tue Sep 19 09:46:54 2017 +0200

    media-libs/opencv: version bump 3.3.0 bug #629534
    
    - Patch for CVEs bug #627958
    - Add required use for bug #621986
    - Version bump fixes bug #627954


Fixes for version 3.* vulnerable versions 3.1 and 3.2 still in tree.

Comment 4 Aleksandr Wagner (Kivak) 2017-09-20 17:09:13 UTC

Future stabilization will occur on bug 627230.

Comment 5 D'juan McDonald (domhnall) 2017-12-07 14:28:08 UTC

Added to existing GLSA request.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2017-12-14 17:04:25 UTC

This issue was resolved and addressed in
 GLSA 201712-02 at https://security.gentoo.org/glsa/201712-02
by GLSA coordinator Thomas Deutschmann (whissi).