CVE-2018-7712

Name of the Vulnerable Software and Affected Versions: OpenCV version 3.4.1

Description: The issue is related to the validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp, which can cause a denial of service due to an assertion failure. This occurs when the condition (size.height <= (1<<20)) is false. It is noted that OpenCV CV Assert is not a traditional assertion but a regular C++ exception that can be raised for invalid or non-supported parameters.

Recommendations: For OpenCV version 3.4.1, consider modifying the validateInputImageSize function to handle cases where (size.height <= (1<<20)) is false without causing an assertion failure. As a temporary workaround, consider adding input validation to ensure that the size.height parameter does not exceed the maximum allowed value of (1<<20). At the moment, there is no information about a newer version that contains a fix for this vulnerability.