CVE-2017-12598

Name of the Vulnerable Software and Affected Versions OpenCV versions through 3.3

Description The issue is related to an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file using cv::imread. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For OpenCV versions through 3.3, as a temporary workaround, consider disabling the cv::RBaseStream::readBlock function until a patch is available. Restrict access to the modules/imgcodecs/src/bitstrm.cpp module to minimize the risk of exploitation. Avoid using the cv::imread function to read image files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.