Rstevens70

**Name of the Vulnerable Software and Affected Versions** OpenCV versions 3.0.0 through 3.3.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a segfault, via vectors involving corrupt chunks. This issue was fixed in OpenCV version 3.3.1. **Recommendations** For OpenCV versions 3.0.0 through 3.3.0, update to OpenCV version 3.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.0 **Description** The issue is related to a heap-based buffer overflow in the `zip read mac metadata` function, which can be exploited by remote attackers via crafted entry-size values in a ZIP archive. This can allow an attacker to execute arbitrary code. The vulnerability exists due to incorrect determination of compressed file sizes in ZIP archives, enabling an attacker to place arbitrary code in a file header, which will be executed with the privileges of the current user during the unarchiving process. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of ZIP archives from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** OpenCV versions 3.0.0 through 3.3.0 **Description** The issue is related to a double free problem in the OpenCV library, which can be exploited by attackers to execute arbitrary code, allowing them to access confidential data, disrupt its integrity, and cause a denial of service. **Recommendations** For OpenCV versions 3.0.0 through 3.3.0, update to version 3.3.1 to resolve the issue.