
CVE-2017-12863: Integer Overflow or Wraparound in OpenCV

CVSS Score: 8.8 (CVSS v3.0)

Basic Information

EPSS Score: 0.73798%
Published: 10/12/2021
Updated: 2/1/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name            Ecosystem   Vulnerable Versions   First Patched Version
opencv-python           pip         <= 3.3.0.9            3.3.1.11
opencv-contrib-python   pip         <= 3.3.0.9            3.3.1.11

Vulnerability Intelligence

Root Cause Analysis

The CVE description explicitly names PxMDecoder::readData as the vulnerable function. The GitHub issue (#9371) and its ASAN crash log confirm integer overflows in the src_pitch calculation at grfmt_pxm.cpp lines 199-201. The overflow stems from multiplying the header-supplied width by the bytes-per-pixel value without an overflow check; because the header comes from the image file, a remote attacker controls these operands, and the wrong pitch leads to memory corruption. Multiple authoritative sources (NVD, GitHub Advisory, Debian and Gentoo security notices) corroborate this assessment.
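The following is an added example, not OpenCV's code, showing the pattern described above in isolation: a PxM header parser, the unchecked width * bytes-per-pixel pitch calculation, and a hardened replacement that rejects the overflow. The struct, function names and the MAX_IMAGE_BYTES limit are this example's own assumptions, and the unchecked arithmetic is shown in uint32_t so the wraparound is defined behaviour and reproducible (in the original decoder the operands are signed int, where the same overflow is undefined behaviour). The header strings are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header struct for this example; the field names are not OpenCV's. */
typedef struct {
    int magic;   /* 5 for P5 (greyscale), 6 for P6 (RGB) */
    int width;   /* taken verbatim from the file, i.e. attacker-controlled */
    int height;
    int maxval;  /* <= 255 means 1 byte per sample, larger means 2 bytes */
} PxmHeader;

/* Parse the ASCII part of a binary PNM header: "P5|P6 <width> <height> <maxval>".
   Returns 0 on success, -1 if the header is malformed. Comment lines are not handled. */
int parse_pxm_header(const char *buf, PxmHeader *h)
{
    char magic[3] = {0};
    if (sscanf(buf, "%2s %d %d %d", magic, &h->width, &h->height, &h->maxval) != 4)
        return -1;
    if (magic[0] != 'P' || (magic[1] != '5' && magic[1] != '6'))
        return -1;
    h->magic = magic[1] - '0';
    return 0;
}

static uint32_t channels_of(const PxmHeader *h)      { return h->magic == 6 ? 3u : 1u; }
static uint32_t bytes_per_sample(const PxmHeader *h) { return h->maxval > 255 ? 2u : 1u; }

/* The vulnerable pattern: pitch = width * bytes-per-pixel in 32-bit arithmetic with no
   range check. A large width silently wraps modulo 2^32, so the row buffer sized from
   this value is far too small for the row the decoder later copies into it. */
uint32_t pitch_unchecked(const PxmHeader *h)
{
    uint32_t bpp = channels_of(h) * bytes_per_sample(h);
    return (uint32_t)h->width * bpp;
}

/* Hypothetical upper bound on a decoded image; a real decoder would make this configurable. */
#define MAX_IMAGE_BYTES ((size_t)1 << 30)

/* Hardened version: reject non-positive dimensions and out-of-range maxval, check each
   multiplication against SIZE_MAX before performing it, then cap the total allocation.
   Returns 0 and fills *pitch_out / *total_out on success, -1 otherwise. */
int pitch_checked(const PxmHeader *h, size_t *pitch_out, size_t *total_out)
{
    if (h->width <= 0 || h->height <= 0 || h->maxval <= 0 || h->maxval > 65535)
        return -1;
    size_t bpp = (size_t)channels_of(h) * bytes_per_sample(h);   /* at most 6 */
    size_t w = (size_t)h->width, hgt = (size_t)h->height;
    if (w > SIZE_MAX / bpp) return -1;        /* width * bpp would overflow */
    size_t pitch = w * bpp;
    if (hgt > SIZE_MAX / pitch) return -1;    /* pitch * height would overflow */
    size_t total = pitch * hgt;
    if (total > MAX_IMAGE_BYTES) return -1;   /* policy limit, not just arithmetic */
    *pitch_out = pitch;
    *total_out = total;
    return 0;
}

/* Constructed inputs. The crafted width 1431655766 times 3 channels is 4294967298,
   which wraps to 2: a 2-byte row buffer for a row the decoder believes holds 1.4 G pixels. */
static const char CRAFTED_HEADER[]  = "P6\n1431655766 4\n255\n";
static const char NEGATIVE_HEADER[] = "P6\n-8 4\n255\n";
static const char BENIGN_HEADER[]   = "P6\n640 480\n255\n";

int main(void)
{
    PxmHeader h;
    size_t pitch, total;
    if (parse_pxm_header(CRAFTED_HEADER, &h) != 0) return 1;
    printf("crafted: unchecked pitch = %u bytes, true pitch = %llu bytes\n",
           pitch_unchecked(&h), (unsigned long long)h.width * 3);
    printf("crafted: checked decoder %s the image\n",
           pitch_checked(&h, &pitch, &total) == 0 ? "accepts" : "rejects");
    if (parse_pxm_header(BENIGN_HEADER, &h) != 0) return 1;
    if (pitch_checked(&h, &pitch, &total) == 0)
        printf("benign: pitch = %zu bytes, total = %zu bytes\n", pitch, total);
    return 0;
}
```

The division-based checks are used instead of a compiler builtin so the code is portable; the final MAX_IMAGE_BYTES cap matters independently of the arithmetic checks, because a header that passes the overflow test can still request a multi-gigabyte allocation and turn the bug into a denial of service.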


CVE Description

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding