CVE-2017-14136 — Out-of-bounds Write in OpenCV

Description

OpenCV (Open Source Computer Vision Library) 3.3 (corresponding to OpenCV-Python 3.3.0.9) has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.

How to fix CVE-2017-14136

To remediate CVE-2017-14136, upgrade the affected package to a fixed version below.

—upgrade to 3.3.1.11 or later
—upgrade to 3.3.1.11 or later

Is CVE-2017-14136 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 3.3.1.11
from 0, < 3.3.1.11

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-14136
PATCHgithub.com/opencv/opencv-python
WEBgithub.com/opencv/opencv/issues/9443
WEBgithub.com/opencv/opencv/pull/9448
WEBgithub.com/xiaoqx/pocs/blob/master/opencv.md