Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-b74d-msz8-dbd1
Vulnerability ID VCID-b74d-msz8-dbd1
Aliases CVE-2017-17760
GHSA-jcxv-2j3h-mg59
Summary OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-131 Incorrect Calculation of Buffer Size
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17760.json
epss 0.01536 https://api.first.org/data/v1/epss?cve=CVE-2017-17760
epss 0.01536 https://api.first.org/data/v1/epss?cve=CVE-2017-17760
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jcxv-2j3h-mg59
cvssv3.1 6.5 https://github.com/opencv/opencv/issues/10351
generic_textual MODERATE https://github.com/opencv/opencv/issues/10351
cvssv3.1 6.5 https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
generic_textual MODERATE https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
cvssv3.1 6.5 https://github.com/opencv/opencv-python
generic_textual MODERATE https://github.com/opencv/opencv-python
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-17760
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2017-17760
cvssv3.1 6.5 http://www.securityfocus.com/bid/102974
generic_textual MODERATE http://www.securityfocus.com/bid/102974
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17760.json
https://api.first.org/data/v1/epss?cve=CVE-2017-17760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17760
https://github.com/opencv/opencv/issues/10351
https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
https://github.com/opencv/opencv-python
https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2017-17760
http://www.securityfocus.com/bid/102974
1530747 https://bugzilla.redhat.com/show_bug.cgi?id=1530747
885843 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885843
GHSA-jcxv-2j3h-mg59 https://github.com/advisories/GHSA-jcxv-2j3h-mg59
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17760.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/opencv/opencv/issues/10351
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/opencv/opencv-python
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17760
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.securityfocus.com/bid/102974
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81747
EPSS Score 0.01536
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:26:18.840857+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0