CVE-2017-18009 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-18009 Interim 1 30 2023-12-09T00:58:03Z current 2021-05-30T14:05:18Z 2023-12-09T00:58:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-18009 In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FZA5SRBQE625ARA3NW736BFDCR3ROHBB/#FZA5SRBQE625ARA3NW736BFDCR3ROHBB E-Mail link for openSUSE-SU-2018:1438-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHY6YJ3Y6LBANQFAWJDVH33U3PEJTPT4/#SHY6YJ3Y6LBANQFAWJDVH33U3PEJTPT4 E-Mail link for openSUSE-SU-2018:1697-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP3 openSUSE Leap 15.0 openSUSE Leap 15.2 openSUSE Leap 15.3 libopencv3_3 libopencv3_3-3.3.1-4.5 libopencv3_3-3.3.1-6.6.1 libopencv3_3-3.3.1-lp150.4.3.1 libopencv3_3-3.3.1-lp152.7.9 opencv opencv-3.3.1-4.5 opencv-3.3.1-6.6.1 opencv-3.3.1-lp150.4.3.1 opencv-3.3.1-lp152.7.9 opencv-devel opencv-devel-3.3.1-4.5 opencv-devel-3.3.1-6.6.1 opencv-devel-3.3.1-lp150.4.3.1 opencv-doc-3.3.1-lp150.4.3.1 python2-opencv-3.3.1-lp150.4.3.1 python3-opencv-3.3.1-lp150.4.3.1 python3-opencv-3.3.1-lp152.7.9 libopencv3_3-3.3.1-4.5 as a component of SUSE Linux Enterprise Workstation Extension 15 opencv-3.3.1-4.5 as a component of SUSE Linux Enterprise Workstation Extension 15 opencv-devel-3.3.1-4.5 as a component of SUSE Linux Enterprise Workstation Extension 15 libopencv3_3-3.3.1-4.5 as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 opencv-3.3.1-4.5 as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 opencv-devel-3.3.1-4.5 as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 libopencv3_3-3.3.1-6.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 opencv-3.3.1-6.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 opencv-devel-3.3.1-6.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 libopencv3_3-3.3.1-6.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 opencv-3.3.1-6.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 opencv-devel-3.3.1-6.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 libopencv3_3-3.3.1-lp150.4.3.1 as a component of openSUSE Leap 15.0 opencv-3.3.1-lp150.4.3.1 as a component of openSUSE Leap 15.0 opencv-devel-3.3.1-lp150.4.3.1 as a component of openSUSE Leap 15.0 opencv-doc-3.3.1-lp150.4.3.1 as a component of openSUSE Leap 15.0 python2-opencv-3.3.1-lp150.4.3.1 as a component of openSUSE Leap 15.0 python3-opencv-3.3.1-lp150.4.3.1 as a component of openSUSE Leap 15.0 libopencv3_3-3.3.1-lp152.7.9 as a component of openSUSE Leap 15.2 opencv-3.3.1-lp152.7.9 as a component of openSUSE Leap 15.2 python3-opencv-3.3.1-lp152.7.9 as a component of openSUSE Leap 15.2 libopencv3_3-3.3.1-6.6.1 as a component of openSUSE Leap 15.3 libopencv3_3 as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 opencv as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 opencv-devel as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. CVE-2017-18009 SUSE Linux Enterprise Workstation Extension 15:libopencv3_3-3.3.1-4.5 SUSE Linux Enterprise Workstation Extension 15:opencv-3.3.1-4.5 SUSE Linux Enterprise Workstation Extension 15:opencv-devel-3.3.1-4.5 SUSE Linux Enterprise Workstation Extension 15 SP1:libopencv3_3-3.3.1-4.5 SUSE Linux Enterprise Workstation Extension 15 SP1:opencv-3.3.1-4.5 SUSE Linux Enterprise Workstation Extension 15 SP1:opencv-devel-3.3.1-4.5 SUSE Linux Enterprise Workstation Extension 15 SP2:libopencv3_3-3.3.1-6.6.1 SUSE Linux Enterprise Workstation Extension 15 SP2:opencv-3.3.1-6.6.1 SUSE Linux Enterprise Workstation Extension 15 SP2:opencv-devel-3.3.1-6.6.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libopencv3_3-3.3.1-6.6.1 SUSE Linux Enterprise Workstation Extension 15 SP3:opencv-3.3.1-6.6.1 SUSE Linux Enterprise Workstation Extension 15 SP3:opencv-devel-3.3.1-6.6.1 openSUSE Leap 15.0:libopencv3_3-3.3.1-lp150.4.3.1 openSUSE Leap 15.0:opencv-3.3.1-lp150.4.3.1 openSUSE Leap 15.0:opencv-devel-3.3.1-lp150.4.3.1 openSUSE Leap 15.0:opencv-doc-3.3.1-lp150.4.3.1 openSUSE Leap 15.0:python2-opencv-3.3.1-lp150.4.3.1 openSUSE Leap 15.0:python3-opencv-3.3.1-lp150.4.3.1 openSUSE Leap 15.2:libopencv3_3-3.3.1-lp152.7.9 openSUSE Leap 15.2:opencv-3.3.1-lp152.7.9 openSUSE Leap 15.2:python3-opencv-3.3.1-lp152.7.9 openSUSE Leap 15.3:libopencv3_3-3.3.1-6.6.1 SUSE Linux Enterprise Workstation Extension 15 SP2:libopencv3_3 SUSE Linux Enterprise Workstation Extension 15 SP2:opencv SUSE Linux Enterprise Workstation Extension 15 SP2:opencv-devel important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H