Bug 1033152 - (CVE-2016-1516) VUL-0: CVE-2016-1516: opencv: double free issue that allows attackers to execute arbitrary code
(CVE-2016-1516)
VUL-0: CVE-2016-1516: opencv: double free issue that allows attackers to exec...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 42.3
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-10 08:00 UTC by Alexander Bergmann
Modified: 2018-06-11 16:12 UTC (History)
8 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-04-10 08:00:49 UTC
CVE-2016-1516

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary
code.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1516
https://github.com/opencv/opencv/issues/5956
https://arxiv.org/pdf/1701.04739.pdf
Comment 1 Scott Reeves 2018-04-10 21:38:33 UTC
Hi Yifan - can you have someone on your team look at these opencv bugs. Thanks
Comment 4 Felix Zhang 2018-04-11 03:27:16 UTC
@yfjiang: Sure! :-)
@qzheng: Let's talk face to face to avoid spamming the bug report. :-)
Comment 5 Alexander Bergmann 2018-04-13 15:51:44 UTC
Move this bug to openSUSE Leap 42.3.
Comment 6 Swamp Workflow Management 2018-04-28 01:30:11 UTC
This is an autogenerated message for OBS integration:
This bug (1033152) was mentioned in
https://build.opensuse.org/request/show/602155 42.3 / opencv
Comment 7 Swamp Workflow Management 2018-05-04 15:20:10 UTC
This is an autogenerated message for OBS integration:
This bug (1033152) was mentioned in
https://build.opensuse.org/request/show/604051 42.3+Backports:SLE-12-SP3 / opencv
Comment 8 Swamp Workflow Management 2018-05-11 22:32:14 UTC
openSUSE-SU-2018:1265-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1033150,1033152
CVE References: CVE-2016-1516,CVE-2016-1517
Sources used:
openSUSE Leap 42.3 (src):    opencv-3.1.0-4.3.1, opencv-qt5-3.1.0-4.3.1
Comment 9 Swamp Workflow Management 2018-05-11 22:35:43 UTC
openSUSE-SU-2018:1271-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1033150,1033152
CVE References: CVE-2016-1516,CVE-2016-1517
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    opencv-3.1.0-5.1, opencv-qt5-3.1.0-5.1
Comment 10 Qiang Zheng 2018-05-16 07:02:52 UTC
*** Bug 1052454 has been marked as a duplicate of this bug. ***
Comment 11 Qiang Zheng 2018-05-16 07:11:11 UTC
It is a duplicate of this bug:
https://bugzilla.opensuse.org/show_bug.cgi?id=1033150
Comment 12 Swamp Workflow Management 2018-05-23 13:10:20 UTC
openSUSE-SU-2018:1385-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1033152,1052451,1052454,1052455,1052456,1052457,1052459,1052461,1052462,1052465,1054019,1054020,1054021,1054984,1057146
CVE References: CVE-2016-1516,CVE-2017-12597,CVE-2017-12598,CVE-2017-12599,CVE-2017-12600,CVE-2017-12601,CVE-2017-12602,CVE-2017-12603,CVE-2017-12604,CVE-2017-12605,CVE-2017-12606,CVE-2017-12862,CVE-2017-12863,CVE-2017-12864,CVE-2017-14136
Sources used:
openSUSE Leap 42.3 (src):    opencv-3.1.0-4.6.1, opencv-qt5-3.1.0-4.6.1
Comment 13 Marcus Meissner 2018-06-11 16:12:24 UTC
released