review.tizen.org Git - platform/upstream/opencv.git/commit

author	Tae-Young Chung <ty83.chung@samsung.com>
	Tue, 7 Nov 2017 01:51:12 +0000 (10:51 +0900)
committer	Tae-Young Chung <ty83.chung@samsung.com>
	Thu, 23 Nov 2017 04:43:58 +0000 (13:43 +0900)
commit	bb28c50223fffd70a1981369787f301535ea4960
tree	eacb81ede5861991ca66c9cef82422aa2e1dcc68	tree \| snapshot
parent	0eb4b6308c44eb994082ea395cd205eabf074ec8	commit \| diff

Fix CVEs for opencv 2.4

Following CVEs are reported and this is patch for OpenCV 2.4 (https://github.com/opencv/opencv/pull/9383)
(Note that this is backported patch from OpenCV 3.3, https://github.com/opencv/opencv/pull/9376)

* CVE-2017-12600, 12602
  Two DOS bugs of opencv
  https://github.com/opencv/opencv/issues/9311

* CVE-2017-12597,12598,12599,12601,12603,12604,12605,12606
  Some bugs result to crashes when calling imread of opencv (include heap overflow and out-of-bound write)
  https://github.com/opencv/opencv/issues/9309

* CVE-2017-12862
  AutoBuffer_heap_overflow in grfmt_pxm.cpp
  https://github.com/opencv/opencv/issues/9370

* CVE-2017-12863
  Integer overflow in PxMDecoder::readData
  https://github.com/opencv/opencv/issues/9371

* CVE-2017-12864
  Integer overflow in ReadNumber
  https://github.com/opencv/opencv/issues/9372

Change-Id: Id743196add40e8cbbbed6cafef04be09bb77c5ae
Signed-off-by: Tae-Young Chung <ty83.chung@samsung.com>

modules/core/include/opencv2/core/core.hpp		diff \| blob \| history
modules/core/include/opencv2/core/operations.hpp		diff \| blob \| history
modules/highgui/src/bitstrm.cpp		diff \| blob \| history
modules/highgui/src/bitstrm.hpp		diff \| blob \| history
modules/highgui/src/grfmt_bmp.cpp		diff \| blob \| history
modules/highgui/src/grfmt_pxm.cpp		diff \| blob \| history
modules/highgui/src/loadsave.cpp		diff \| blob \| history
packaging/opencv.spec		diff \| blob \| history