CVE-2018-5268

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
opencvopencv
3.3.1
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
opencv
bullseye
4.5.1+dfsg-5
fixed
bookworm
4.6.0+dfsg-12
fixed
sid
4.6.0+dfsg-14
fixed
trixie
4.6.0+dfsg-14
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opencv
bionic
Fixed 3.2.0+dfsg-4ubuntu0.1
released
artful
ignored
zesty
ignored
xenial
Fixed 2.4.9.1+dfsg-1.5ubuntu1.1
released
trusty
Fixed 2.4.8+dfsg1-2ubuntu1.1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106945
https://github.com/opencv/opencv/issues/10541
https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
http://www.securityfocus.com/bid/106945
https://github.com/opencv/opencv/issues/10541
https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html