Xiaoqx

**Name of the Vulnerable Software and Affected Versions** Little CMS version 2.9 **Description** The issue is related to an out-of-bounds write in the `cmsPipelineCheckAndRetreiveStages` function in `cmslut.c` in `liblcms2.a`, which can be triggered via a crafted TIFF file. However, the Little CMS developers do not consider this a vulnerability in the lcms2 library itself, as it depends on LIBTIFF only for building sample programs and the issue cannot be reproduced on the lcms2 library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Little CMS version 2.9 **Description** The issue is related to an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a. This can be triggered via a crafted TIFF file. However, it's noted that the Little CMS developers do not consider this a vulnerability of the lcms2 library itself, as the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library. **Recommendations** For Little CMS version 2.9, consider avoiding the use of crafted TIFF files that could trigger the out-of-bounds write in the PrecalculatedXFORM function until further clarification or resolution is provided by the developers.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** The issue exists in the constructor of the DataBuf class, where a large initial buffer size may lead to a SIGABRT during memory allocation. **Recommendations** For Exiv2 version 0.26, consider restricting the initial buffer size in the DataBuf class constructor to prevent excessive memory allocation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** The issue allows remote attackers to cause a denial of service due to invalid memory access via a crafted file. This is related to the Exiv2::Internal::printCsLensFFFF function in canonmn int.cpp. **Recommendations** For Exiv2 version 0.26, consider avoiding the use of crafted files that may trigger the denial of service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** The issue is related to a denial of service caused by an out-of-bounds read in the `Exiv2::Internal::stringFormat` function in `image.cpp`. This can be triggered by remote attackers using a specially crafted file, potentially leading to a service disruption. The vulnerability is associated with the `jpgimage.cpp` component of the Exiv2 library, which is used for managing media file metadata. **Recommendations** For Exiv2 version 0.26, consider disabling the `jpgimage.cpp` component or restricting its use until a patch is available to prevent potential exploitation. As a temporary workaround, avoid using crafted or untrusted image files to minimize the risk of triggering the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenCV version 3.4.1 Description: The issue is related to the `validateInputImageSize` function in `modules/imgcodecs/src/loadsave.cpp`, which allows remote attackers to cause a denial of service due to an assertion failure. This occurs because the condition `(size.width <= (1<<20))` may be false. It is noted that `OpenCV CV Assert` is not a traditional assertion, but rather a regular C++ exception that can be raised for invalid or non-supported parameters. Recommendations: For OpenCV version 3.4.1, consider modifying the `validateInputImageSize` function to handle cases where `(size.width <= (1<<20))` is false, potentially by adding input validation or exception handling to prevent the assertion failure. As a temporary workaround, consider adding checks for the `size.width` parameter to ensure it does not exceed the maximum allowed value of `(1<<20)`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenCV version 3.4.1 Description: The issue is related to the `validateInputImageSize` function in `modules/imgcodecs/src/loadsave.cpp`, which can cause a denial of service due to an assertion failure. This occurs when the condition `(size.height <= (1<<20))` is false. It is noted that `OpenCV CV Assert` is not a traditional assertion but a regular C++ exception that can be raised for invalid or non-supported parameters. Recommendations: For OpenCV version 3.4.1, consider modifying the `validateInputImageSize` function to handle cases where `(size.height <= (1<<20))` is false without causing an assertion failure. As a temporary workaround, consider adding input validation to ensure that the `size.height` parameter does not exceed the maximum allowed value of `(1<<20)`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenCV version 3.4.1 Description: The issue is related to the `validateInputImageSize` function in `modules/imgcodecs/src/loadsave.cpp`, which can cause a denial of service due to an assertion failure when the condition `(pixels <= (1<<30))` is false. It is noted that `OpenCV CV Assert` is a regular C++ exception that can be raised for invalid or non-supported parameters, rather than a traditional assertion. Recommendations: As a temporary workaround, consider adding input validation to ensure that the number of pixels does not exceed the maximum allowed value of `(1<<30)`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CImg version 220 **Description** A heap-based buffer over-read issue occurs in the load bmp function in CImg.h when loading a crafted bmp image, specifically in the "16 colors" case. **Recommendations** For version 220, consider avoiding the use of the load bmp function in CImg.h until a patch is available, or refrain from loading untrusted bmp images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CImg version 220 **Description** A heap-based buffer over-read issue occurs in the load bmp function in CImg.h when loading a crafted bmp image, specifically in the "256 colors" case, also referred to as case 8. **Recommendations** For version 220, consider avoiding the use of the load bmp function in CImg.h until a patch is available, or refrain from loading crafted bmp images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CImg version 220 **Description** A heap-based buffer over-read issue occurs in the load bmp function in CImg.h when loading a crafted bmp image, specifically in the "16 bits colors" case. **Recommendations** For version 220, consider avoiding the use of the load bmp function in CImg.h until a patch is available, or refrain from loading crafted bmp images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CImg version 220 **Description** A heap-based buffer over-read issue occurs in the load bmp function in CImg.h when loading a crafted bmp image, specifically in the Monochrome case. **Recommendations** For version 220, consider avoiding the use of the load bmp function in CImg.h until a patch is available, or refrain from loading untrusted bmp images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CImg version 220 **Description** A heap-based buffer over-read issue occurs in the load bmp function in CImg.h when loading a crafted bmp image, specifically in the "32 bits colors" case. **Recommendations** For CImg version 220, consider avoiding the use of the load bmp function in CImg.h until a patch is available, or refrain from loading untrusted bmp images to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CImg versions prior to v.220 Description: The issue is related to a heap-based buffer over-read in the `load bmp` function in `CImg.h`, which occurs when loading a specially crafted bmp image. This can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For versions prior to v.220, consider disabling the `load bmp` function in `CImg.h` until a patch is available to prevent potential exploitation. Restrict the loading of bmp images from untrusted sources to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CImg version 220 Description: An issue in the load bmp function of CImg.h allows for a double free error when loading a crafted bmp image, potentially impacting the confidentiality, integrity, and availability of protected information. Recommendations: For CImg version 220, consider avoiding the use of the load bmp function in CImg.h until a patch is available to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26 Description: The issue is related to a heap-based buffer over-read in the Exiv2::IptcData::printStructure function, specifically in the "!= 0x1c" case. This can be exploited by remote attackers to cause a denial of service using a crafted TIFF file. Recommendations: For Exiv2 version 0.26, consider avoiding the use of crafted TIFF files until a patch is available. As a temporary workaround, restrict the processing of TIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenCV versions through 3.3 Description: The issue is related to an out-of-bounds write error in the `FillColorRow4` function in `utils.cpp` when reading an image file using `cv::imread`. This can potentially allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. Recommendations: For OpenCV versions through 3.3, as a temporary workaround, consider disabling the `FillColorRow4` function in `utils.cpp` until a patch is available. Restrict access to image file reading using `cv::imread` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenCV versions through 3.3 Description: The issue is related to an invalid write in the `cv::RLByteStream::getBytes` function in `modules/imgcodecs/src/bitstrm.cpp` when reading an image file using `cv::imread`. This can lead to a buffer overflow, potentially allowing a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. Recommendations: For OpenCV versions through 3.3, as a temporary workaround, consider disabling the `cv::RLByteStream::getBytes` function until a patch is available. Restrict access to the `modules/imgcodecs/src/bitstrm.cpp` module to minimize the risk of exploitation. Avoid using the `cv::imread` function to read image files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenCV versions through 3.3 **Description** The issue is related to an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For OpenCV versions through 3.3, consider disabling the FillUniColor function in utils.cpp as a temporary workaround until a patch is available. Restrict access to the cv::imread function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenCV versions through 3.3 **Description** The issue is related to a buffer overflow in the `cv::BmpDecoder::readData` function in `modules/imgcodecs/src/grfmt bmp.cpp` when reading an image file using `cv::imread`. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is demonstrated by the `4-buf-overflow-readData-memcpy` test case. **Recommendations** For OpenCV versions through 3.3, as a temporary workaround, consider disabling the `cv::BmpDecoder::readData` function until a patch is available. Restrict access to the `modules/imgcodecs/src/grfmt bmp.cpp` module to minimize the risk of exploitation. Avoid using the `cv::imread` function to read image files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.