Skip to main content

Reachable Assertion

CVE-2018-7712

Severity High
Score 7.5/10

Summary

** DISPUTED ** The validateInputImageSize function in `modules/imgcodecs/src/loadsave.cpp` in OpenCV allows remote attackers to cause a denial of service (assertion failure) because `(size.height <= (1<<20))` may be false. Note: according to the maintainers, "OpenCV `CV_Assert` is not an assertion (C-like `assert()`), it is regular C++ exception which can raised in case of invalid or non-supported parameters". SCA AppSec team researched the issue and found out that it is still a security issue because even though the exceptions are raised on purpose, indeed it causes the application to crash.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-617 - Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Advisory Timeline

  • Published