CVE-2017-12601

Name of the Vulnerable Software and Affected Versions OpenCV versions through 3.3

Description The issue is related to a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt bmp.cpp when reading an image file using cv::imread. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is demonstrated by the 4-buf-overflow-readData-memcpy test case.

Recommendations For OpenCV versions through 3.3, as a temporary workaround, consider disabling the cv::BmpDecoder::readData function until a patch is available. Restrict access to the modules/imgcodecs/src/grfmt bmp.cpp module to minimize the risk of exploitation. Avoid using the cv::imread function to read image files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.