CVE-2018-5268

Published: 08 January 2018

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

From the Ubuntu security team

It was discovered that OpenCV incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code, or cause other unspecified impact.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: opencv (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (2.4.9.1+dfsg-1+deb8u2, 2.3.1-11+deb7u4)
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.2.0+dfsg-4ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): Released (2.4.9.1+dfsg-1.5ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr): Released (2.4.8+dfsg1-2ubuntu1.1)