Epeius

#18884 of 53,630
14.2 CVSS total
Vulnerabilities · 2
High
2
PT-2018-3834
7.1
2018-01-07
Intel · Opencv · CVE-2018-5268
**Name of the Vulnerable Software and Affected Versions** OpenCV version 3.3.1

**Description** A heap-based buffer overflow occurs in the `cv::Jpeg2KDecoder::readComponent8u` function in `modules/imgcodecs/src/grfmt_jpeg2000.cpp` when parsing a crafted image file, potentially allowing a remote attacker to cause a denial of service.

**Recommendations** For OpenCV version 3.3.1, consider disabling the `cv::Jpeg2KDecoder::readComponent8u` function until a patch is available to prevent exploitation of the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2018-3835
7.1
2018-01-07
Intel · Opencv · CVE-2018-5269
**Name of the Vulnerable Software and Affected Versions** OpenCV version 3.3.1

**Description** The issue is an incorrect integer cast in the `cv::RBaseStream::setPos` function of the OpenCV library, in the `modules/imgcodecs/src/bitstrm.cpp` component. This can lead to an assertion failure, which a remote attacker can use to cause a denial of service.

**Recommendations** For OpenCV version 3.3.1, consider disabling the `cv::RBaseStream::setPos` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.