High severity8.8NVD Advisory· Published Aug 15, 2017· Updated May 13, 2026

CVE-2017-12863

Description

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
opencv-pythonPyPI	< 3.3.1.11	3.3.1.11
opencv-contrib-pythonPyPI	< 3.3.1.11	3.3.1.11

Affected products

Opencv/Opencv
cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*
Range: <=3.3.0
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/opencv/opencv/issues/9371nvdIssue TrackingPatchThird Party AdvisoryWEB
github.com/advisories/GHSA-wq8f-wvqp-xvvmghsaADVISORY
lists.debian.org/debian-lts-announce/2018/07/msg00030.htmlnvdMailing ListThird Party AdvisoryWEB
lists.debian.org/debian-lts-announce/2021/10/msg00028.htmlnvdMailing ListThird Party AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2017-12863ghsaADVISORY
security.gentoo.org/glsa/201712-02nvdThird Party AdvisoryWEB
github.com/opencv/opencv/pull/9376ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000