Reachable Assertion
CVE-2018-7712
Summary
** DISPUTED ** The validateInputImageSize function in `modules/imgcodecs/src/loadsave.cpp` in OpenCV allows remote attackers to cause a denial of service (assertion failure) because `(size.height <= (1<<20))` may be false. Note: according to the maintainers, "OpenCV `CV_Assert` is not an assertion (C-like `assert()`), it is regular C++ exception which can raised in case of invalid or non-supported parameters". SCA AppSec team researched the issue and found out that it is still a security issue because even though the exceptions are raised on purpose, indeed it causes the application to crash.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
References
Advisory Timeline
- Published