{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41551?format=json","vulnerability_id":"VCID-s11e-t19f-kfe4","summary":"Out-of-bounds Read\nOpenCV (Open Source Computer Vision Library) has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.","aliases":[{"alias":"CVE-2017-12598"},{"alias":"GHSA-33h2-69j3-r336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50896?format=json","purl":"pkg:pypi/opencv-contrib-python@3.3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-58aj-jc6y-dqcg"},{"vulnerability":"VCID-7r2a-ega4-cbbh"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-j87y-pgt8-xbat"},{"vulnerability":"VCID-yjd6-1et5-vqer"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@3.3.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/50956?format=json","purl":"pkg:pypi/opencv-python@3.3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73g1-r39e-z7ez"},{"vulnerability":"VCID-7r2a-ega4-cbbh"},{"vulnerability":"VCID-8uwy-v2wq-n3cy"},{"vulnerability":"VCID-j87y-pgt8-xbat"},{"vulnerability":"VCID-yjd6-1et5-vqer"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@3.3.1.11"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50894?format=json","purl":"pkg:pypi/opencv-contrib-python@3.3.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22su-dw4m-pfe6"},{"vulnerability":"VCID-2dwz-2v5y-4qeb"},{"vulnerability":"VCID-4t6y-22xf-3ueq"},{"vulnerability":"VCID-58aj-jc6y-dqcg"},{"vulnerability":"VCID-b7m4-s1rg-wqe7"},{"vulnerability":"VCID-e6gy-hka8-9bae"},{"vulnerability":"VCID-jzve-9vvd-mued"},{"vulnerability":"VCID-m3rr-ppwn-5kd8"},{"vulnerability":"VCID-mkrd-7czn-b3bz"},{"vulnerability":"VCID-qz2a-2d4y-y7hq"},{"vulnerability":"VCID-s11e-t19f-kfe4"},{"vulnerability":"VCID-syem-z8g2-n7h2"},{"vulnerability":"VCID-ttbc-7ys4-wfdw"},{"vulnerability":"VCID-vtbm-x7bk-tqgv"},{"vulnerability":"VCID-w461-q9h5-pfdg"},{"vulnerability":"VCID-yjsn-xjss-wqe3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@3.3.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/50954?format=json","purl":"pkg:pypi/opencv-python@3.3.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22su-dw4m-pfe6"},{"vulnerability":"VCID-2dwz-2v5y-4qeb"},{"vulnerability":"VCID-4t6y-22xf-3ueq"},{"vulnerability":"VCID-73g1-r39e-z7ez"},{"vulnerability":"VCID-b7m4-s1rg-wqe7"},{"vulnerability":"VCID-e6gy-hka8-9bae"},{"vulnerability":"VCID-jzve-9vvd-mued"},{"vulnerability":"VCID-m3rr-ppwn-5kd8"},{"vulnerability":"VCID-mkrd-7czn-b3bz"},{"vulnerability":"VCID-qz2a-2d4y-y7hq"},{"vulnerability":"VCID-s11e-t19f-kfe4"},{"vulnerability":"VCID-syem-z8g2-n7h2"},{"vulnerability":"VCID-ttbc-7ys4-wfdw"},{"vulnerability":"VCID-vtbm-x7bk-tqgv"},{"vulnerability":"VCID-w461-q9h5-pfdg"},{"vulnerability":"VCID-yjsn-xjss-wqe3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@3.3.0.9"}],"references":[{"reference_url":"https://github.com/opencv/opencv/issues/9309","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/issues/9309"},{"reference_url":"https://github.com/opencv/opencv/pull/9376","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/pull/9376"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/11","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv-python/releases/tag/11"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv-python/releases/tag/9"},{"reference_url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/xiaoqx/pocs/blob/master/opencv.md"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/201712-02","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201712-02"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12598","reference_id":"CVE-2017-12598","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12598"},{"reference_url":"https://github.com/advisories/GHSA-33h2-69j3-r336","reference_id":"GHSA-33h2-69j3-r336","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-33h2-69j3-r336"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s11e-t19f-kfe4"}