Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-k6gg-4cct-gfhj
Vulnerability ID VCID-k6gg-4cct-gfhj
Aliases CVE-2017-1000450
GHSA-m43c-649m-pm48
Summary In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-787 Out-of-bounds Write
CWE-190 Integer Overflow or Wraparound
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000450.json
epss 0.03513 https://api.first.org/data/v1/epss?cve=CVE-2017-1000450
epss 0.03513 https://api.first.org/data/v1/epss?cve=CVE-2017-1000450
epss 0.03513 https://api.first.org/data/v1/epss?cve=CVE-2017-1000450
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-m43c-649m-pm48
cvssv3.1 8.8 https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
generic_textual HIGH https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
cvssv3.1 8.8 https://github.com/opencv/opencv/issues/9723
generic_textual HIGH https://github.com/opencv/opencv/issues/9723
cvssv3.1 8.8 https://github.com/opencv/opencv/pull/9726/commits/c58152d94ba878b2d7d76bcac59146312199b9eb
generic_textual HIGH https://github.com/opencv/opencv/pull/9726/commits/c58152d94ba878b2d7d76bcac59146312199b9eb
cvssv3.1 8.8 https://github.com/opencv/opencv-python
generic_textual HIGH https://github.com/opencv/opencv-python
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
cvssv3.1 8.8 https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-1000450
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2017-1000450
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000450.json
https://api.first.org/data/v1/epss?cve=CVE-2017-1000450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000450
https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
https://github.com/opencv/opencv/issues/9723
https://github.com/opencv/opencv/pull/9726/commits/c58152d94ba878b2d7d76bcac59146312199b9eb
https://github.com/opencv/opencv-python
https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2017-1000450
1531610 https://bugzilla.redhat.com/show_bug.cgi?id=1531610
886282 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886282
GHSA-m43c-649m-pm48 https://github.com/advisories/GHSA-m43c-649m-pm48
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000450.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/opencv/opencv/issues/9723
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/opencv/opencv/pull/9726/commits/c58152d94ba878b2d7d76bcac59146312199b9eb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/opencv/opencv-python
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000450
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.87903
EPSS Score 0.03513
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:26:02.730903+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0