review.tizen.org Git - platform/upstream/opencv.git/commit

author	Tae-Young Chung <ty83.chung@samsung.com>
	Tue, 7 Nov 2017 01:51:12 +0000 (10:51 +0900)
committer	Tae-Young Chung <ty83.chung@samsung.com>
	Tue, 7 Nov 2017 01:51:17 +0000 (10:51 +0900)
commit	68dea6f1e881ff2ab68af14b7ef2942a28ff15db
tree	08664dc0ea44b48f598c7d8b8acfc2a082a0fba0	tree \| snapshot
parent	238119292f1c27628c2626d70a47c690c7cb9346	commit \| diff

Fix CVEs for opencv 2.4

Following CVEs are reported and this is patch for OpenCV 2.4 (https://github.com/opencv/opencv/pull/9383)
(Note that this is backported patch from OpenCV 3.3, https://github.com/opencv/opencv/pull/9376)

* CVE-2017-12600, 12602
  Two DOS bugs of opencv
  https://github.com/opencv/opencv/issues/9311

* CVE-2017-12597,12598,12599,12601,12603,12604,12605,12606
  Some bugs result to crashes when calling imread of opencv (include heap overflow and out-of-bound write)
  https://github.com/opencv/opencv/issues/9309

* CVE-2017-12862
  AutoBuffer_heap_overflow in grfmt_pxm.cpp
  https://github.com/opencv/opencv/issues/9370

* CVE-2017-12863
  Integer overflow in PxMDecoder::readData
  https://github.com/opencv/opencv/issues/9371

* CVE-2017-12864
  Integer overflow in ReadNumber
  https://github.com/opencv/opencv/issues/9372

Change-Id: Id743196add40e8cbbbed6cafef04be09bb77c5ae
Signed-off-by: Tae-Young Chung <ty83.chung@samsung.com>

modules/core/include/opencv2/core/core.hpp		diff \| blob \| history
modules/core/include/opencv2/core/operations.hpp		diff \| blob \| history
modules/highgui/src/bitstrm.cpp		diff \| blob \| history
modules/highgui/src/bitstrm.hpp		diff \| blob \| history
modules/highgui/src/grfmt_bmp.cpp		diff \| blob \| history
modules/highgui/src/grfmt_pxm.cpp		diff \| blob \| history
modules/highgui/src/loadsave.cpp		diff \| blob \| history
packaging/opencv.spec		diff \| blob \| history