High severity8.8NVD Advisory· Published Aug 15, 2017· Updated May 13, 2026

CVE-2017-12862

Description

In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
opencv-pythonPyPI	< 3.3.1.11	3.3.1.11
opencv-contrib-pythonPyPI	< 3.3.1.11	3.3.1.11

Affected products

Opencv/Opencv
cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*
Range: <=3.3.0
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/opencv/opencv/issues/9370nvdIssue TrackingPatchThird Party AdvisoryWEB
github.com/advisories/GHSA-5rpc-gwh9-q9fgghsaADVISORY
lists.debian.org/debian-lts-announce/2018/07/msg00030.htmlnvdMailing ListThird Party AdvisoryWEB
lists.debian.org/debian-lts-announce/2021/10/msg00028.htmlnvdMailing ListThird Party AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2017-12862ghsaADVISORY
security.gentoo.org/glsa/201712-02nvdThird Party AdvisoryWEB
github.com/opencv/opencv/pull/9376ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000