CVE-2017-12600: Denial of Service in OpenCV

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.56861%
CWE: -
Published: 10/12/2021
Updated: 1/9/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| opencv-python | pip | <= 3.3.0.9 | 3.3.1.11 |
| opencv-contrib-python | pip | <= 3.3.0.9 | 3.3.1.11 |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability was resolved in OpenCV 3.3.1 via PR #9376, which refactored imgcodecs. The test case name '11-opencv-dos-cpu-exhaust' and issue #9311 both point to flaws in PxM image parsing. The grfmt_pxm.cpp modifications in the PR specifically: 1) prevent an infinite loop in ReadNumber() through proper terminator checks, and 2) add dimension validation in readData(). These changes correlate directly with the CVE's description of CPU exhaustion via malformed image processing.
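For services that cannot upgrade immediately, the same two ideas (bounded number parsing with a terminator check, and dimension validation) can be applied to untrusted PxM bytes before they reach the decoder. The following is an added example, not code from OpenCV or from this page; the function names and the limits `MAX_DIM`, `MAX_PIXELS` and `MAX_DIGITS` are assumptions to adapt per deployment.

```python
# Added example (not OpenCV code): strict PxM/PNM header check to run on
# untrusted bytes before cv2.imdecode(). Limits and names are assumptions.
MAX_DIM = 16384                 # assumed per-axis limit
MAX_PIXELS = 64 * 1024 * 1024   # assumed total pixel budget
MAX_DIGITS = 10                 # assumed cap on digits per header number
WHITESPACE = b" \t\r\n\v\f"

class PnmHeaderError(ValueError):
    """Raised when a PNM header is malformed or exceeds the limits."""

def _read_number(buf, pos):
    """Parse one decimal field; every loop is bounded by len(buf)."""
    n = len(buf)
    while pos < n and (buf[pos] in WHITESPACE or buf[pos] == 0x23):
        if buf[pos] == 0x23:            # '#': comment runs to end of line
            while pos < n and buf[pos] not in b"\r\n":
                pos += 1
        else:
            pos += 1
    start = pos
    while pos < n and 0x30 <= buf[pos] <= 0x39:
        pos += 1
    if pos == start or pos - start > MAX_DIGITS:
        raise PnmHeaderError("missing or over-long number")
    if pos == n or buf[pos] not in WHITESPACE:
        raise PnmHeaderError("number has no whitespace terminator")
    return int(buf[start:pos]), pos

def check_pnm_header(data):
    """Return (kind, width, height, maxval) or raise PnmHeaderError."""
    if len(data) < 3 or data[0] != 0x50 or data[1] not in b"123456":
        raise PnmHeaderError("not a PNM file")
    kind = data[1] - 0x30
    width, pos = _read_number(data, 2)
    height, pos = _read_number(data, pos)
    maxval = 1
    if kind not in (1, 4):              # bitmaps (P1/P4) carry no maxval
        maxval, pos = _read_number(data, pos)
    if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
        raise PnmHeaderError("dimension out of range")
    if width * height > MAX_PIXELS or not 0 < maxval <= 65535:
        raise PnmHeaderError("pixel budget or maxval out of range")
    if kind >= 4:                       # binary raster: payload must fit
        row = (width + 7) // 8 if kind == 4 else (
            width * (3 if kind == 6 else 1) * (2 if maxval > 255 else 1))
        if len(data) - (pos + 1) < row * height:
            raise PnmHeaderError("raster shorter than declared size")
    return kind, width, height, maxval
```

Call `check_pnm_header()` only on inputs whose first two bytes identify a PxM file, and treat `PnmHeaderError` as a rejected upload rather than passing the bytes on to the decoder.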
