CVE-2018-7713

Name of the Vulnerable Software and Affected Versions: OpenCV version 3.4.1

Description: The issue is related to the validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp, which allows remote attackers to cause a denial of service due to an assertion failure. This occurs because the condition (size.width <= (1<<20)) may be false. It is noted that OpenCV CV Assert is not a traditional assertion, but rather a regular C++ exception that can be raised for invalid or non-supported parameters.

Recommendations: For OpenCV version 3.4.1, consider modifying the validateInputImageSize function to handle cases where (size.width <= (1<<20)) is false, potentially by adding input validation or exception handling to prevent the assertion failure. As a temporary workaround, consider adding checks for the size.width parameter to ensure it does not exceed the maximum allowed value of (1<<20). At the moment, there is no information about a newer version that contains a fix for this vulnerability.