Univention Bugzilla – Bug 54009
opencv: Multiple issues (4.4)
Last modified: 2021-11-03 16:43:47 CET
New Debian opencv 2.4.9.1+dfsg1-2+deb9u1 fixes:

This update addresses the following issues:

* Double free vulnerability on crafted image (CVE-2016-1516)
* out-of-bounds write error in the function FillColorRow1 (CVE-2017-12597)
* out-of-bounds read error in the cv::RBaseStream::readBlock function (CVE-2017-12598)
* out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R (CVE-2017-12599)
* buffer overflow in the cv::BmpDecoder::readData function (CVE-2017-12601)
* invalid write in the cv::RLByteStream::getBytes function (CVE-2017-12603)
* out-of-bounds write error in the function FillUniColor (CVE-2017-12604)
* out-of-bounds write error in the function FillColorRow8 (CVE-2017-12605)
* out-of-bounds write error in the function FillColorRow4 (CVE-2017-12606)
* Heap-based buffer over-write in modules/imgcodecs/src/grfmt_pxm.cpp (CVE-2017-12862)
* Integer overflow in PxMDecoder::readData function in imgcodecs/src/grfmt_pxm.cpp (CVE-2017-12863)
* Integer overflow in ReadNumber function in opencv/modules/imgcodecs/src/grfmt_pxm.cpp (CVE-2017-12864)
* Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp (CVE-2017-17760)
* out of bounds write in functions FillUniColor and FillUniGray in opencv/modules/imgcodecs/src/utils.cpp (CVE-2017-1000450)
* Heap-based buffer overflow in cv::Jpeg2KDecoder::readComponent8u (CVE-2018-5268)
* Assertion failure due to incorrect integer cast (CVE-2018-5269)
* NULL pointer dereference in function cv::XMLParser::parse() in persistence_xml.cpp leading to DoS (CVE-2019-14493)
* division by zero in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp (CVE-2019-15939)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/opencv_2.4.9.1+dfsg1-2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/opencv_2.4.9.1+dfsg1-2+deb9u1.dsc @@ -1,3 +1,16 @@ +2.4.9.1+dfsg1-2+deb9u1 [Fri, 29 Oct 2021 23:02:09 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2016-1516, CVE-2017-12597, CVE-2017-12598,CVE-2017-12599, + CVE-2017-12601, CVE-2017-12603, CVE-2017-12604, CVE-2017-12605, + CVE-2017-12606, CVE-2017-12862, CVE-2017-12863, CVE-2017-12864, + CVE-2017-17760, CVE-2017-1000450, CVE-2018-5268, CVE-2018-5269, + CVE-2019-14493 and CVE-2019-15939. + * Several security vulnerabilities have been discovered in OpenCV, the Open + Computer Vision Library. Buffer overflows, NULL pointer dereferences and + out-of-bounds write error may lead to a denial-of-service or other + unspecified impact. + 2.4.9.1+dfsg1-2 [Mon, 03 Apr 2017 18:28:26 +0200] Mattia Rizzolo <mattia@debian.org>: * Team upload. <http://piuparts.knut.univention.de/4.4-8/#8858042785928967388>
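Review bot: in the added changelog entry, the CVE list is missing a space after the comma in "CVE-2017-12598,CVE-2017-12599", and "out-of-bounds write error may lead to a denial-of-service" should read "out-of-bounds write errors may lead to a denial of service" to agree in number with the preceding "Buffer overflows, NULL pointer dereferences". The 18 CVE ids named in the hunk match the list in the bug description, so the entry is otherwise consistent.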
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1087>