Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-w2pd-76sg-rkbw
Vulnerability ID VCID-w2pd-76sg-rkbw
Aliases CVE-2018-5269
GHSA-89rj-5ggj-3p9p
Summary In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-617 Reachable Assertion
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 3.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5269.json
epss 0.00479 https://api.first.org/data/v1/epss?cve=CVE-2018-5269
epss 0.00479 https://api.first.org/data/v1/epss?cve=CVE-2018-5269
epss 0.00479 https://api.first.org/data/v1/epss?cve=CVE-2018-5269
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-89rj-5ggj-3p9p
cvssv3.1 5.5 https://github.com/opencv/opencv/issues/10540
generic_textual MODERATE https://github.com/opencv/opencv/issues/10540
cvssv3.1 5.5 https://github.com/opencv/opencv/pull/10563
generic_textual MODERATE https://github.com/opencv/opencv/pull/10563
cvssv3.1 5.5 https://github.com/opencv/opencv-python
generic_textual MODERATE https://github.com/opencv/opencv-python
cvssv3.1 5.5 https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html
cvssv3.1 5.5 https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
cvssv3.1 5.5 https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-5269
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2018-5269
cvssv3.1 5.5 http://www.securityfocus.com/bid/106945
generic_textual MODERATE http://www.securityfocus.com/bid/106945
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5269.json
https://api.first.org/data/v1/epss?cve=CVE-2018-5269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5269
https://github.com/opencv/opencv/issues/10540
https://github.com/opencv/opencv/pull/10563
https://github.com/opencv/opencv-python
https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2018-5269
http://www.securityfocus.com/bid/106945
1532551 https://bugzilla.redhat.com/show_bug.cgi?id=1532551
886675 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886675
GHSA-89rj-5ggj-3p9p https://github.com/advisories/GHSA-89rj-5ggj-3p9p
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5269.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/opencv/opencv/issues/10540
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/opencv/opencv/pull/10563
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/opencv/opencv-python
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-5269
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.securityfocus.com/bid/106945
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.65471
EPSS Score 0.00479
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:27:01.650655+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0