CVE-2018-5269

MEDIUM5.5EPSS 0.48%

Reachable Assertion in OpenCV.

Published: 10/12/2021Modified: 11/8/2023

Also known as:GHSA-89rj-5ggj-3p9pDEBIAN-CVE-2018-5269

Description

In OpenCV 3.3.1 (corresponds with OpenCV-Python 3.3.1.11), an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.

Affected packages (3)

Debian/opencvfrom 0, < 3.2.0+dfsg-6
PyPI/opencv-contrib-pythonfrom 0, < 3.4.1.15
PyPI/opencv-pythonfrom 0, < 3.4.1.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-5269
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-5269
PATCHhttps://github.com/opencv/opencv-python
WEBhttps://github.com/opencv/opencv/issues/10540
WEBhttps://github.com/opencv/opencv/pull/10563
WEBhttps://lists.debian.org/debian-lts-announce/2018/04/msg00019.html
WEBhttps://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
WEBhttps://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
WEBhttp://www.securityfocus.com/bid/106945