review.tizen.org Git - platform/upstream/opencv.git/commit

author	Tae-Young Chung <ty83.chung@samsung.com>
	Tue, 7 Nov 2017 01:51:12 +0000 (10:51 +0900)
committer	Tae-Young Chung <ty83.chung@samsung.com>
	Thu, 23 Nov 2017 05:02:03 +0000 (14:02 +0900)
commit	b47b8e77e72ccc68307dd55426d0cda16691a68c
tree	49620990cb0a6808af75d1ee3cf6f6fabebe26ff	tree \| snapshot
parent	e57fca5212beb71d85a6ee544364f74d6a95da85	commit \| diff

Fix CVEs for opencv 2.4

Following CVEs are reported and this is patch for OpenCV 2.4 (https://github.com/opencv/opencv/pull/9383)
(Note that this is backported patch from OpenCV 3.3, https://github.com/opencv/opencv/pull/9376)

* CVE-2017-12600, 12602
  Two DOS bugs of opencv
  https://github.com/opencv/opencv/issues/9311

* CVE-2017-12597,12598,12599,12601,12603,12604,12605,12606
  Some bugs result to crashes when calling imread of opencv (include heap overflow and out-of-bound write)
  https://github.com/opencv/opencv/issues/9309

* CVE-2017-12862
  AutoBuffer_heap_overflow in grfmt_pxm.cpp
  https://github.com/opencv/opencv/issues/9370

* CVE-2017-12863
  Integer overflow in PxMDecoder::readData
  https://github.com/opencv/opencv/issues/9371

* CVE-2017-12864
  Integer overflow in ReadNumber
  https://github.com/opencv/opencv/issues/9372

Change-Id: Id743196add40e8cbbbed6cafef04be09bb77c5ae
Signed-off-by: Tae-Young Chung <ty83.chung@samsung.com>

modules/core/include/opencv2/core/core.hpp		diff \| blob \| history
modules/core/include/opencv2/core/operations.hpp		diff \| blob \| history
modules/highgui/src/bitstrm.cpp		diff \| blob \| history
modules/highgui/src/bitstrm.hpp		diff \| blob \| history
modules/highgui/src/grfmt_bmp.cpp		diff \| blob \| history
modules/highgui/src/grfmt_pxm.cpp		diff \| blob \| history
modules/highgui/src/loadsave.cpp		diff \| blob \| history
packaging/opencv.spec		diff \| blob \| history