Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qz2a-2d4y-y7hq
Vulnerability ID VCID-qz2a-2d4y-y7hq
Aliases CVE-2017-12603
GHSA-6v6p-p97v-g2p7
Summary Out-of-bounds Write OpenCV (Open Source Computer Vision Library) has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/opencv/opencv/issues/9309
https://github.com/opencv/opencv/pull/9376
https://github.com/xiaoqx/pocs/blob/master/opencv.md
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
https://security.gentoo.org/glsa/201712-02
CVE-2017-12603 https://nvd.nist.gov/vuln/detail/CVE-2017-12603
GHSA-6v6p-p97v-g2p7 https://github.com/advisories/GHSA-6v6p-p97v-g2p7
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:40:09.205708+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/opencv-contrib-python/CVE-2017-12603.yml 38.6.0