CVE-2016-1517

Description

OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.

How to fix CVE-2016-1517

To remediate CVE-2016-1517, upgrade the affected package to a fixed version below.

• Debian/opencv—upgrade to 3.2.0+dfsg-6 or later
• PyPI/opencv-contrib-python—upgrade to 3.3.1.11 or later
• —upgrade to 3.3.1.11 or later

Is CVE-2016-1517 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 3.2.0+dfsg-6
• from 0, < 3.3.1.11
• from 0, < 3.3.1.11

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1517
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2016-1517
• PATCHgithub.com/opencv/opencv-python
• WEBarxiv.org/pdf/1701.04739.pdf
• WEBgithub.com