CVE-2017-17760: Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
CVSS Score: 6.5 (CVSS v3.0)
Basic Information
CVE ID: CVE-2017-17760
GHSA ID:
EPSS Score: 0.79517%
CWE: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
Published: 10/12/2021
Updated: 2/1/2023
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
opencv-python | pip | <= 3.3.1.11 | 3.4.0.12 |
opencv-contrib-python | pip | <= 3.3.1.11 | 3.4.0.12 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description names cv::PxMDecoder::readData in grfmt_pxm.cpp as the vulnerable function. The fix commit changes the length argument of the memcpy in that function from CV_ELEM_SIZE1(m_type), the sample size of the type the decoder derived from the file header, to img.elemSize1(), the sample size of the destination Mat the caller supplied; the root cause was therefore a copy length computed from the wrong buffer. When the destination's samples are smaller than the decoder's, the old length exceeds the destination row and memcpy writes past the end of the heap allocation, which is the heap-buffer-overflow the ASAN trace in the GitHub issue shows during the row copy. The CVE, the GHSA advisory, the commit diff and the issue tracker all point to this single function.
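The root cause above, as an added example that is not OpenCV's code: a cut-down C model of the row copy in readData. The Decoder and Image structs, the scenario values and the checked copy helper are assumptions of the model, not OpenCV internals; what it isolates is that the old memcpy length came from the decoder's sample size (standing in for CV_ELEM_SIZE1(m_type)) while the destination row was sized by its own sample size (what img.elemSize1() returns), so a 16-bit file decoded into an 8-bit destination asks for twice the bytes the row holds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Destination image, modelled on the cv::Mat fields that matter here
 * (assumed layout for the example, not OpenCV's). */
typedef struct {
    size_t width;       /* pixels per row */
    size_t channels;    /* 1 for PGM, 3 for PPM */
    size_t elem_size1;  /* bytes per sample, like Mat::elemSize1() */
    size_t step;        /* bytes allocated per row */
    uint8_t *data;      /* heap buffer for one row (enough for the model) */
} Image;

/* Decoder state after the header has been read. elem_size1 stands in for
 * CV_ELEM_SIZE1(m_type): 1 for maxval <= 255, 2 for 16-bit samples. */
typedef struct {
    size_t width;
    size_t channels;
    size_t elem_size1;
} Decoder;

static Image image_alloc(size_t width, size_t channels, size_t elem_size1) {
    Image img;
    img.width = width;
    img.channels = channels;
    img.elem_size1 = elem_size1;
    img.step = width * channels * elem_size1;
    img.data = calloc(img.step, 1);
    return img;
}

/* Vulnerable length: derived from the decoder's own type and blind to the
 * destination the caller handed in. */
size_t row_len_vulnerable(const Decoder *d, const Image *img) {
    (void)img;
    return d->width * d->channels * d->elem_size1;
}

/* Fixed length: derived from the destination's sample size, which is what
 * switching the argument to img.elemSize1() achieves. */
size_t row_len_fixed(const Decoder *d, const Image *img) {
    return d->width * d->channels * img->elem_size1;
}

/* Copy a row only if the requested length fits both buffers.
 * Returns 0 on success, -1 when the length exceeds the destination row,
 * i.e. the out-of-bounds write the ASAN trace flagged. */
int copy_row_checked(Image *img, const uint8_t *src, size_t src_len, size_t len) {
    if (len > img->step || len > src_len)
        return -1;
    memcpy(img->data, src, len);
    return 0;
}

/* Constructed scenario: a 16-bit PGM row (maxval 65535, 2 bytes/sample)
 * decoded into a destination the caller allocated with 8-bit samples.
 * Only the length arithmetic is modelled; the real decoder converts 16-bit
 * samples down rather than copying raw bytes. */
static const Decoder kDecoder = { 4, 1, 2 };  /* 4 px, 1 channel, 16-bit */
static const uint8_t kSrcRow[8] = { 0, 1, 0, 2, 0, 3, 0, 4 };

/* Number of bytes each formula asks memcpy to write into a 4-byte row. */
size_t scenario_len(size_t (*row_len)(const Decoder *, const Image *)) {
    Image img = image_alloc(kDecoder.width, kDecoder.channels, 1);
    size_t len = row_len(&kDecoder, &img);
    free(img.data);
    return len;
}

/* 0 if the copy fits the destination row, -1 if it would overflow it. */
int scenario_copy(size_t (*row_len)(const Decoder *, const Image *)) {
    Image img = image_alloc(kDecoder.width, kDecoder.channels, 1);
    int rc = copy_row_checked(&img, kSrcRow, sizeof kSrcRow,
                              row_len(&kDecoder, &img));
    free(img.data);
    return rc;
}

int main(void) {
    printf("vulnerable length: %zu bytes into a 4-byte row -> %s\n",
           scenario_len(row_len_vulnerable),
           scenario_copy(row_len_vulnerable) == 0 ? "fits" : "overflow refused");
    printf("fixed length:      %zu bytes into a 4-byte row -> %s\n",
           scenario_len(row_len_fixed),
           scenario_copy(row_len_fixed) == 0 ? "fits" : "overflow refused");
    return 0;
}
```

The copy is guarded so the example demonstrates the mismatch without corrupting the heap; removing the guard in copy_row_checked and building with -fsanitize=address reproduces the kind of heap-buffer-overflow report the GitHub issue contains. The general lesson is the one the patch encodes: a memcpy length must be derived from the buffer being written to, never from metadata that may disagree with it.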