CVE-2017-18009
Description
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenCV 3.3.1 has a heap-based buffer over-read in cv::HdrDecoder::checkSignature when processing malformed HDR image files.
Vulnerability
In OpenCV 3.3.1, the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp performs a heap-based buffer over-read. The function uses memcmp to compare the input signature against expected signatures (m_signature and m_signature_alt) without proper bounds checking [2][3]. Affected versions include 3.3.1 and potentially earlier releases [3].
Exploitation
An attacker must craft a malicious HDR image file with a specially truncated or malformed signature field. When a victim or application uses cv::imread() to load the file, the decoder reads beyond the allocated heap buffer of the signature string, causing an out-of-bounds read [3]. No authentication or special privileges are required beyond triggering the image decode path.
Impact
Successful exploitation results in a heap-based buffer over-read, which can cause a crash (denial of service) or potentially leak sensitive memory contents [2][3]. The read is limited to 10 bytes beyond the allocated region, as demonstrated by AddressSanitizer output [3]. Depending on the application, this may lead to information disclosure.
Mitigation
A fix was committed in pull request #10480 on GitHub, which adds proper size checks before calling memcmp [4]. Users should upgrade to OpenCV 3.4 or later, or apply the patch from commit 4ca89db22dea962690f31c1781bce5937ee91837 [4]. No workaround exists other than avoiding untrusted HDR files.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
opencv-pythonPyPI | < 3.4.1.15 | 3.4.1.15 |
opencv-contrib-pythonPyPI | < 3.4.1.15 | 3.4.1.15 |
Affected products
2- ghsa-coords2 versions
< 3.4.1.15+ 1 more
- (no CPE)range: < 3.4.1.15
- (no CPE)range: < 3.4.1.15
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-83rh-hx5x-q9p5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-18009ghsaADVISORY
- www.securityfocus.com/bid/106945ghsavdb-entryx_refsource_BIDWEB
- github.com/opencv/opencv/issues/10479ghsax_refsource_MISCWEB
- github.com/opencv/opencv/pull/10480/commits/4ca89db22dea962690f31c1781bce5937ee91837ghsaWEB
News mentions
0No linked articles in our index yet.