{"url":"http://public2.vulnerablecode.io/api/packages/516668?format=json","purl":"pkg:deb/debian/opencv@0.9.5-10","type":"deb","namespace":"debian","name":"opencv","version":"0.9.5-10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.5.1+dfsg-5","latest_non_vulnerable_version":"4.5.1+dfsg-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41558?format=json","vulnerability_id":"VCID-1bk1-pc9v-ykgv","summary":"Double Free\nOpenCV has a double free issue that allows attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1516.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1516","reference_id":"","reference_type":"","scores":[{"value":"0.0076","scoring_system":"epss","scoring_elements":"0.73707","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0076","scoring_system":"epss","scoring_elements":"0.73747","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0076","scoring_system":"epss","scoring_elements":"0.73744","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1516"},{"reference_url":"https://arxiv.org/pdf/1701.04739.pdf","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arxiv.org/pdf/1701.04739.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1516"},{"reference_url":"https://github.com/opencv/opencv/issues/5956","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/5956"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443528","reference_id":"1443528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872043","reference_id":"872043","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872043"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1516","reference_id":"CVE-2016-1516","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1516"},{"reference_url":"https://github.com/advisories/GHSA-cvhw-2593-5j2q","reference_id":"GHSA-cvhw-2593-5j2q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cvhw-2593-5j2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2016-1516","GHSA-cvhw-2593-5j2q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bk1-pc9v-ykgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41566?format=json","vulnerability_id":"VCID-1qhy-7pnz-aqga","summary":"Out-of-bounds Write\nAn issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14492.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14492.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14492","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64353","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64405","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64396","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14492"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/opencv/opencv/compare/33b765d...4a7ca5a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/compare/33b765d...4a7ca5a"},{"reference_url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c"},{"reference_url":"https://github.com/opencv/opencv/issues/15124","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/15124"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1797445","reference_id":"1797445","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1797445"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14492","reference_id":"CVE-2019-14492","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14492"},{"reference_url":"https://github.com/advisories/GHSA-fw99-f933-rgh8","reference_id":"GHSA-fw99-f933-rgh8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fw99-f933-rgh8"},{"reference_url":"https://usn.ubuntu.com/USN-4818-1/","reference_id":"USN-USN-4818-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4818-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2019-14492","GHSA-fw99-f933-rgh8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qhy-7pnz-aqga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41550?format=json","vulnerability_id":"VCID-21n5-7ukh-gyfr","summary":"NULL Pointer Dereference\nAn issue was discovered in OpenCV There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14493.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14493","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37669","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37574","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14493"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c"},{"reference_url":"https://github.com/opencv/opencv/issues/15127","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/15127"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1797450","reference_id":"1797450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1797450"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14493","reference_id":"CVE-2019-14493","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14493"},{"reference_url":"https://github.com/advisories/GHSA-3448-vrgh-85xr","reference_id":"GHSA-3448-vrgh-85xr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3448-vrgh-85xr"},{"reference_url":"https://usn.ubuntu.com/7247-1/","reference_id":"USN-7247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7247-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4818-1/","reference_id":"USN-USN-4818-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4818-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2019-14493","GHSA-3448-vrgh-85xr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21n5-7ukh-gyfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41571?format=json","vulnerability_id":"VCID-22su-dw4m-pfe6","summary":"Denial of Service in OpenCV\nOpenCV (Open Source Computer Vision Library) has a denial of service (CPU consumption) issue, as demonstrated by the test case.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12600.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12600","reference_id":"","reference_type":"","scores":[{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73879","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.7392","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73915","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12600"},{"reference_url":"https://github.com/opencv/opencv/issues/9311","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9311"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/11"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/9"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483895","reference_id":"1483895","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483895"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872045","reference_id":"872045","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872045"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12600","reference_id":"CVE-2017-12600","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12600"},{"reference_url":"https://github.com/advisories/GHSA-fr58-2xhv-qp3w","reference_id":"GHSA-fr58-2xhv-qp3w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fr58-2xhv-qp3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12600","GHSA-fr58-2xhv-qp3w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22su-dw4m-pfe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41554?format=json","vulnerability_id":"VCID-25vm-cytf-bqb1","summary":"Out-of-bounds Write\nAn exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5063.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5063","reference_id":"","reference_type":"","scores":[{"value":"0.05482","scoring_system":"epss","scoring_elements":"0.90386","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05482","scoring_system":"epss","scoring_elements":"0.90371","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5063"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5063"},{"reference_url":"https://github.com/opencv/opencv/issues/16951","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/16951"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/25","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/25"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790055","reference_id":"1790055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948180","reference_id":"948180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5063","reference_id":"CVE-2019-5063","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5063"},{"reference_url":"https://github.com/advisories/GHSA-m6vm-8g8v-xfjh","reference_id":"GHSA-m6vm-8g8v-xfjh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m6vm-8g8v-xfjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2019-5063","GHSA-m6vm-8g8v-xfjh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25vm-cytf-bqb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41581?format=json","vulnerability_id":"VCID-2dwz-2v5y-4qeb","summary":"Integer Overflow or Wraparound\nIn opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12864.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12864.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12864","reference_id":"","reference_type":"","scores":[{"value":"0.0167","scoring_system":"epss","scoring_elements":"0.82489","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0167","scoring_system":"epss","scoring_elements":"0.82487","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0167","scoring_system":"epss","scoring_elements":"0.8246","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12864"},{"reference_url":"https://github.com/opencv/opencv/issues/9372","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9372"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483698","reference_id":"1483698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483698"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875345","reference_id":"875345","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875345"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12864","reference_id":"CVE-2017-12864","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12864"},{"reference_url":"https://github.com/advisories/GHSA-267x-w5hx-8hjr","reference_id":"GHSA-267x-w5hx-8hjr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-267x-w5hx-8hjr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12864","GHSA-267x-w5hx-8hjr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dwz-2v5y-4qeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41552?format=json","vulnerability_id":"VCID-3zc6-3229-wfcc","summary":"Divide By Zero\nAn issue was discovered in OpenCV There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15939.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15939","reference_id":"","reference_type":"","scores":[{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72919","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72882","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72926","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15939","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15939"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/OpenCV/opencv/issues/15287","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OpenCV/opencv/issues/15287"},{"reference_url":"https://github.com/opencv/opencv/pull/15382","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/15382"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764731","reference_id":"1764731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764731"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15939","reference_id":"CVE-2019-15939","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15939"},{"reference_url":"https://github.com/advisories/GHSA-hxfw-jm98-v4mq","reference_id":"GHSA-hxfw-jm98-v4mq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hxfw-jm98-v4mq"},{"reference_url":"https://usn.ubuntu.com/USN-4818-1/","reference_id":"USN-USN-4818-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4818-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2019-15939","GHSA-hxfw-jm98-v4mq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zc6-3229-wfcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41580?format=json","vulnerability_id":"VCID-4t6y-22xf-3ueq","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nOpenCV (Open Source Computer Vision Library) has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12601.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12601","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72577","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12601"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/11"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/9"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483896","reference_id":"1483896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12601","reference_id":"CVE-2017-12601","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12601"},{"reference_url":"https://github.com/advisories/GHSA-w96g-3p64-63wr","reference_id":"GHSA-w96g-3p64-63wr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w96g-3p64-63wr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12601","GHSA-w96g-3p64-63wr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4t6y-22xf-3ueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41553?format=json","vulnerability_id":"VCID-7r2a-ega4-cbbh","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nOpenCV has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17760.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17760","reference_id":"","reference_type":"","scores":[{"value":"0.01536","scoring_system":"epss","scoring_elements":"0.81701","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01536","scoring_system":"epss","scoring_elements":"0.8167","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17760"},{"reference_url":"https://github.com/opencv/opencv/issues/10351","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/10351"},{"reference_url":"https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"http://www.securityfocus.com/bid/102974","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/102974"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1530747","reference_id":"1530747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1530747"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885843","reference_id":"885843","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885843"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17760","reference_id":"CVE-2017-17760","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17760"},{"reference_url":"https://github.com/advisories/GHSA-jcxv-2j3h-mg59","reference_id":"GHSA-jcxv-2j3h-mg59","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jcxv-2j3h-mg59"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-17760","GHSA-jcxv-2j3h-mg59"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7r2a-ega4-cbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41578?format=json","vulnerability_id":"VCID-8uwy-v2wq-n3cy","summary":"Out-of-bounds Read\nIn OpenCV, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18009.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18009","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46041","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46037","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45968","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18009"},{"reference_url":"https://github.com/opencv/opencv/issues/10479","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/10479"},{"reference_url":"https://github.com/opencv/opencv/pull/10480/commits/4ca89db22dea962690f31c1781bce5937ee91837","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/10480/commits/4ca89db22dea962690f31c1781bce5937ee91837"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"http://www.securityfocus.com/bid/106945","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106945"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531268","reference_id":"1531268","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531268"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924884","reference_id":"924884","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924884"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18009","reference_id":"CVE-2017-18009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18009"},{"reference_url":"https://github.com/advisories/GHSA-83rh-hx5x-q9p5","reference_id":"GHSA-83rh-hx5x-q9p5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-83rh-hx5x-q9p5"},{"reference_url":"https://usn.ubuntu.com/USN-4818-1/","reference_id":"USN-USN-4818-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4818-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2017-18009","GHSA-83rh-hx5x-q9p5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uwy-v2wq-n3cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41568?format=json","vulnerability_id":"VCID-b7m4-s1rg-wqe7","summary":"Out-of-bounds Read\nOpenCV (Open Source Computer Vision Library) has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12599.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12599.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12599","reference_id":"","reference_type":"","scores":[{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65562","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65573","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.6551","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12599"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/11"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/9"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483894","reference_id":"1483894","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483894"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12599","reference_id":"CVE-2017-12599","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12599"},{"reference_url":"https://github.com/advisories/GHSA-fvq6-392h-6mjj","reference_id":"GHSA-fvq6-392h-6mjj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fvq6-392h-6mjj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12599","GHSA-fvq6-392h-6mjj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7m4-s1rg-wqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41565?format=json","vulnerability_id":"VCID-dv7w-p358-1qda","summary":"Out-of-bounds Read\nAn issue was discovered in OpenCV There is an out-of-bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14491.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14491","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53907","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53899","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53842","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14491"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/opencv/opencv/compare/33b765d...4a7ca5a","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/compare/33b765d...4a7ca5a"},{"reference_url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c"},{"reference_url":"https://github.com/opencv/opencv/issues/15125","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/15125"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752025","reference_id":"1752025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752025"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14491","reference_id":"CVE-2019-14491","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14491"},{"reference_url":"https://github.com/advisories/GHSA-fm39-cw8h-3p63","reference_id":"GHSA-fm39-cw8h-3p63","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fm39-cw8h-3p63"},{"reference_url":"https://usn.ubuntu.com/USN-4818-1/","reference_id":"USN-USN-4818-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4818-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2019-14491","GHSA-fm39-cw8h-3p63"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dv7w-p358-1qda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41575?format=json","vulnerability_id":"VCID-dw95-fpkf-pfew","summary":"Improper Input Validation\nOpenCV allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1517.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1517","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62606","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62597","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62552","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1517"},{"reference_url":"https://arxiv.org/pdf/1701.04739.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arxiv.org/pdf/1701.04739.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1517"},{"reference_url":"https://github.com/opencv/opencv/issues/5956","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/5956"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443531","reference_id":"1443531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443531"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872043","reference_id":"872043","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872043"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1517","reference_id":"CVE-2016-1517","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1517"},{"reference_url":"https://github.com/advisories/GHSA-fffj-9qwg-qmh5","reference_id":"GHSA-fffj-9qwg-qmh5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fffj-9qwg-qmh5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2016-1517","GHSA-fffj-9qwg-qmh5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dw95-fpkf-pfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41573?format=json","vulnerability_id":"VCID-e6gy-hka8-9bae","summary":"Out-of-bounds Write\nOpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12605.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12605","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72131","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72083","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12605"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483900","reference_id":"1483900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483900"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12605","reference_id":"CVE-2017-12605","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12605"},{"reference_url":"https://github.com/advisories/GHSA-rqxg-xvcq-3v2f","reference_id":"GHSA-rqxg-xvcq-3v2f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rqxg-xvcq-3v2f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12605","GHSA-rqxg-xvcq-3v2f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6gy-hka8-9bae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41557?format=json","vulnerability_id":"VCID-fjy7-r2wm-n3b4","summary":"Out-of-bounds Read\nAn out-of-bounds read was discovered in OpenCV Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19624.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19624","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19668","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418"},{"reference_url":"https://github.com/opencv/opencv/issues/14554","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/14554"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/25","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/25"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1780543","reference_id":"1780543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1780543"},{"reference_url":"https://access.redhat.com/security/cve/cve-2019-19624","reference_id":"CVE-2019-19624","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2019-19624"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19624","reference_id":"CVE-2019-19624","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19624"},{"reference_url":"https://github.com/advisories/GHSA-jggw-2q6g-c3m6","reference_id":"GHSA-jggw-2q6g-c3m6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jggw-2q6g-c3m6"},{"reference_url":"https://usn.ubuntu.com/7247-1/","reference_id":"USN-7247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2019-19624","GHSA-jggw-2q6g-c3m6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjy7-r2wm-n3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41556?format=json","vulnerability_id":"VCID-j87y-pgt8-xbat","summary":"Reachable Assertion\nIn OpenCV, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5269.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5269.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5269","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65354","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65415","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65405","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5269"},{"reference_url":"https://github.com/opencv/opencv/issues/10540","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/10540"},{"reference_url":"https://github.com/opencv/opencv/pull/10563","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/10563"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"http://www.securityfocus.com/bid/106945","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106945"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532551","reference_id":"1532551","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532551"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886675","reference_id":"886675","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886675"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5269","reference_id":"CVE-2018-5269","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5269"},{"reference_url":"https://github.com/advisories/GHSA-89rj-5ggj-3p9p","reference_id":"GHSA-89rj-5ggj-3p9p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-89rj-5ggj-3p9p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2018-5269","GHSA-89rj-5ggj-3p9p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j87y-pgt8-xbat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78245?format=json","vulnerability_id":"VCID-jwwm-5zrf-a3af","summary":"opencv: OpenCV use after free","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53644.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53644.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53644","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45892","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45888","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53644"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381763","reference_id":"2381763","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381763"},{"reference_url":"https://github.com/opencv/opencv/issues/27271","reference_id":"27271","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T20:23:04Z/"}],"url":"https://github.com/opencv/opencv/issues/27271"},{"reference_url":"https://github.com/opencv/opencv/releases/tag/4.12.0","reference_id":"4.12.0","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T20:23:04Z/"}],"url":"https://github.com/opencv/opencv/releases/tag/4.12.0"},{"reference_url":"https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466","reference_id":"a39db41390de546d18962ee1278bd6dbb715f466","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T20:23:04Z/"}],"url":"https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/","reference_id":"GHSL-2025-057_OpenCV","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-17T20:23:04Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2025-53644"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwwm-5zrf-a3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41559?format=json","vulnerability_id":"VCID-jypn-sttp-tkgm","summary":"Out-of-bounds Write\nAn exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5064.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5064","reference_id":"","reference_type":"","scores":[{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.86016","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.86014","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02639","scoring_system":"epss","scoring_elements":"0.85992","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5064"},{"reference_url":"https://github.com/opencv/opencv/issues/15857","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/15857"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/32","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/32"},{"reference_url":"https://github.com/opencv/opencv/releases/tag/4.2.0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/releases/tag/4.2.0"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790059","reference_id":"1790059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790059"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948180","reference_id":"948180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5064","reference_id":"CVE-2019-5064","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5064"},{"reference_url":"https://github.com/advisories/GHSA-q799-q27x-vp7w","reference_id":"GHSA-q799-q27x-vp7w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q799-q27x-vp7w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517067?format=json","purl":"pkg:deb/debian/opencv@4.5.1%2Bdfsg-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@4.5.1%252Bdfsg-5"}],"aliases":["CVE-2019-5064","GHSA-q799-q27x-vp7w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jypn-sttp-tkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41585?format=json","vulnerability_id":"VCID-jzve-9vvd-mued","summary":"Out-of-bounds Write\nOpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12606.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12606","reference_id":"","reference_type":"","scores":[{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74926","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.7493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12606"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483891","reference_id":"1483891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12606","reference_id":"CVE-2017-12606","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12606"},{"reference_url":"https://github.com/advisories/GHSA-vc29-rj92-gc7j","reference_id":"GHSA-vc29-rj92-gc7j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vc29-rj92-gc7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12606","GHSA-vc29-rj92-gc7j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzve-9vvd-mued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41561?format=json","vulnerability_id":"VCID-m3rr-ppwn-5kd8","summary":"Out-of-bounds Write\nOpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12604.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12604.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12604","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72131","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72083","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12604"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483899","reference_id":"1483899","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483899"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12604","reference_id":"CVE-2017-12604","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12604"},{"reference_url":"https://github.com/advisories/GHSA-c7gp-2pch-qh2v","reference_id":"GHSA-c7gp-2pch-qh2v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c7gp-2pch-qh2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12604","GHSA-c7gp-2pch-qh2v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3rr-ppwn-5kd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41555?format=json","vulnerability_id":"VCID-qz2a-2d4y-y7hq","summary":"Out-of-bounds Write\nOpenCV (Open Source Computer Vision Library) has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12603.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12603.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12603","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72131","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72083","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12603"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483898","reference_id":"1483898","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12603","reference_id":"CVE-2017-12603","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12603"},{"reference_url":"https://github.com/advisories/GHSA-6v6p-p97v-g2p7","reference_id":"GHSA-6v6p-p97v-g2p7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6v6p-p97v-g2p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12603","GHSA-6v6p-p97v-g2p7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qz2a-2d4y-y7hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41551?format=json","vulnerability_id":"VCID-s11e-t19f-kfe4","summary":"Out-of-bounds Read\nOpenCV (Open Source Computer Vision Library) has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12598.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12598.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12598","reference_id":"","reference_type":"","scores":[{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65562","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65573","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.6551","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12598"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/11"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/9"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483893","reference_id":"1483893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483893"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12598","reference_id":"CVE-2017-12598","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12598"},{"reference_url":"https://github.com/advisories/GHSA-33h2-69j3-r336","reference_id":"GHSA-33h2-69j3-r336","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-33h2-69j3-r336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12598","GHSA-33h2-69j3-r336"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s11e-t19f-kfe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41587?format=json","vulnerability_id":"VCID-syem-z8g2-n7h2","summary":"Out-of-bounds Write\nOpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12597.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12597.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12597","reference_id":"","reference_type":"","scores":[{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71368","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71375","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71323","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12597"},{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/11"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python/releases/tag/9"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483892","reference_id":"1483892","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483892"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044","reference_id":"872044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12597","reference_id":"CVE-2017-12597","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12597"},{"reference_url":"https://github.com/advisories/GHSA-8w3x-457r-wg53","reference_id":"GHSA-8w3x-457r-wg53","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8w3x-457r-wg53"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12597","GHSA-8w3x-457r-wg53"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syem-z8g2-n7h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41562?format=json","vulnerability_id":"VCID-ttbc-7ys4-wfdw","summary":"Integer Overflow or Wraparound\nIn opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12863.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12863.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12863","reference_id":"","reference_type":"","scores":[{"value":"0.0167","scoring_system":"epss","scoring_elements":"0.82489","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0167","scoring_system":"epss","scoring_elements":"0.82487","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0167","scoring_system":"epss","scoring_elements":"0.8246","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12863"},{"reference_url":"https://github.com/opencv/opencv/issues/9371","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9371"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483696","reference_id":"1483696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483696"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875344","reference_id":"875344","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875344"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12863","reference_id":"CVE-2017-12863","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12863"},{"reference_url":"https://github.com/advisories/GHSA-wq8f-wvqp-xvvm","reference_id":"GHSA-wq8f-wvqp-xvvm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wq8f-wvqp-xvvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12863","GHSA-wq8f-wvqp-xvvm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttbc-7ys4-wfdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41591?format=json","vulnerability_id":"VCID-vtbm-x7bk-tqgv","summary":"Out-of-bounds Write\nIn modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12862.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12862","reference_id":"","reference_type":"","scores":[{"value":"0.02079","scoring_system":"epss","scoring_elements":"0.84318","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02079","scoring_system":"epss","scoring_elements":"0.84315","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02079","scoring_system":"epss","scoring_elements":"0.84291","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12862"},{"reference_url":"https://github.com/opencv/opencv/issues/9370","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9370"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483695","reference_id":"1483695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483695"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875342","reference_id":"875342","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875342"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12862","reference_id":"CVE-2017-12862","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12862"},{"reference_url":"https://github.com/advisories/GHSA-5rpc-gwh9-q9fg","reference_id":"GHSA-5rpc-gwh9-q9fg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5rpc-gwh9-q9fg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12862","GHSA-5rpc-gwh9-q9fg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtbm-x7bk-tqgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41586?format=json","vulnerability_id":"VCID-w461-q9h5-pfdg","summary":"Denial of Service in OpenCV\nOpenCV (Open Source Computer Vision Library) has a denial of service (memory consumption) issue, as demonstrated by the test case.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12602.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12602","reference_id":"","reference_type":"","scores":[{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.7392","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73915","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73879","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12602"},{"reference_url":"https://github.com/opencv/opencv/issues/9311","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9311"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483897","reference_id":"1483897","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1483897"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872045","reference_id":"872045","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872045"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12602","reference_id":"CVE-2017-12602","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12602"},{"reference_url":"https://github.com/advisories/GHSA-pqjj-6f5q-gqph","reference_id":"GHSA-pqjj-6f5q-gqph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pqjj-6f5q-gqph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-12602","GHSA-pqjj-6f5q-gqph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w461-q9h5-pfdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41564?format=json","vulnerability_id":"VCID-yjd6-1et5-vqer","summary":"Out-of-bounds Write\nIn OpenCV, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5268.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5268.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5268","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56741","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56735","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56683","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5268"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/opencv/opencv/issues/10541","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/10541"},{"reference_url":"https://github.com/opencv/opencv/pull/10566/commits/435a3e337bd9d4e11af61cf8b8afca067bf1a8aa","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/10566/commits/435a3e337bd9d4e11af61cf8b8afca067bf1a8aa"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"http://www.securityfocus.com/bid/106945","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106945"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532552","reference_id":"1532552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1532552"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886674","reference_id":"886674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886674"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5268","reference_id":"CVE-2018-5268","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5268"},{"reference_url":"https://github.com/advisories/GHSA-9g8h-pjm4-q92p","reference_id":"GHSA-9g8h-pjm4-q92p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9g8h-pjm4-q92p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2018-5268","GHSA-9g8h-pjm4-q92p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjd6-1et5-vqer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41583?format=json","vulnerability_id":"VCID-yjsn-xjss-wqe3","summary":"Integer Overflow or Wraparound\nIn opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000450.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000450","reference_id":"","reference_type":"","scores":[{"value":"0.03513","scoring_system":"epss","scoring_elements":"0.87866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03513","scoring_system":"epss","scoring_elements":"0.87864","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03513","scoring_system":"epss","scoring_elements":"0.87842","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000450"},{"reference_url":"https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor"},{"reference_url":"https://github.com/opencv/opencv/issues/9723","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/issues/9723"},{"reference_url":"https://github.com/opencv/opencv/pull/9726/commits/c58152d94ba878b2d7d76bcac59146312199b9eb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv/pull/9726/commits/c58152d94ba878b2d7d76bcac59146312199b9eb"},{"reference_url":"https://github.com/opencv/opencv-python","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencv/opencv-python"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531610","reference_id":"1531610","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886282","reference_id":"886282","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886282"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000450","reference_id":"CVE-2017-1000450","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000450"},{"reference_url":"https://github.com/advisories/GHSA-m43c-649m-pm48","reference_id":"GHSA-m43c-649m-pm48","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m43c-649m-pm48"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516676?format=json","purl":"pkg:deb/debian/opencv@3.2.0%2Bdfsg-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-fjy7-r2wm-n3b4"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@3.2.0%252Bdfsg-6"}],"aliases":["CVE-2017-1000450","GHSA-m43c-649m-pm48"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjsn-xjss-wqe3"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/opencv@0.9.5-10"}