Out-of-bounds Write in OpenCV
High severity
GitHub Reviewed
Published
Oct 12, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Aug 7, 2017
Reviewed
Oct 7, 2021
Published to the GitHub Advisory Database
Oct 12, 2021
Last updated
Feb 1, 2023
OpenCV (Open Source Computer Vision Library) through 3.3 (corresponding to OpenCV-Python and OpenCV-Contrib-Python 3.3.0.9) has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
References