Reachable Assertion

CVE-2018-7712

High

7.5/10

Summary

** DISPUTED ** The "validateInputImageSize" function in `modules/imgcodecs/src/loadsave.cpp` in OpenCV allows remote attackers to cause a denial of service (assertion failure) because "(size.height <= (1<<20))" may be false. Note: according to the maintainers, OpenCV `CV_Assert` is not an assertion (C-like "assert()"), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-617 - Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

Issue
POC/Exploit
Issue
Advisory

Advisory Timeline

Published Mar 05, 2018

Reachable Assertion

CVE-2018-7712

Summary

CWE-617 - Reachable Assertion

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS