Miggo Logo
Miggo Vulnerability Database
CVE-2017-12862

CVE-2017-12862: Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV

8.8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2017-12862
GHSA ID
GHSA-5rpc-gwh9-q9fg
EPSS Score
0.76396%
CWE
CWE-119
Published
10/12/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
opencv-pythonpip<= 3.3.0.93.3.1.11
opencv-contrib-pythonpip<= 3.3.0.93.3.1.11

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the buffer allocation logic in cv::PxMDecoder::readData() where src_pitch is miscalculated. The GitHub issue #9370 explicitly shows a crash in this function at line 237 during src[x] writes, with m_width significantly larger than src_pitch. The CVE description confirms this leads to copy buffer overflow. The patch in OpenCV 3.3.1.11 (via PR #9376) would logically address this buffer size calculation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In mo*ul*s/im**o***s/sr*/*r*mt_pxm.*pp, t** l*n*t* o* *u***r *uto*u***r _sr* is sm*ll t**n *xp**t**, w*i** will **us* *opy *u***r ov*r*low l*t*r. I* t** im*** is *rom r*mot*, m*y l*** to r*mot* *o** *x**ution or **ni*l o* s*rvi**. T*is *****ts Op*n*V

Reasoning

T** vuln*r**ility st*ms *rom t** *u***r *llo**tion lo*i* in *v::PxM***o**r::r*****t*() w**r* sr*_pit** is mis**l*ul*t**. T** *it*u* issu* #**** *xpli*itly s*ows * *r*s* in t*is *un*tion *t lin* *** *urin* sr*[x] writ*s, wit* m_wi*t* si*ni*i**ntly l*r