Candidate: CVE-2017-12600
PublicDate: 2017-08-07 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12600
 https://github.com/opencv/opencv/issues/9311
 https://github.com/xiaoqx/pocs/blob/master/opencv.md
Description:
 OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of
 service (CPU consumption) issue, as demonstrated by the
 11-opencv-dos-cpu-exhaust test case.
Ubuntu-Description:
 It was discovered that OpenCV incorrectly handled certain image files. An
 attacker could possibly use this issue to cause a denial of service,
 execute arbitrary code or other unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_opencv:
upstream_opencv: needs-triage
precise/esm_opencv: DNE
trusty_opencv: released (2.4.8+dfsg1-2ubuntu1.1)
trusty/esm_opencv: released (2.4.8+dfsg1-2ubuntu1.1)
vivid/ubuntu-core_opencv: DNE
xenial_opencv: released (2.4.9.1+dfsg-1.5ubuntu1.1)
zesty_opencv: ignored (reached end-of-life)
artful_opencv: ignored (reached end-of-life)
bionic_opencv: released (3.2.0+dfsg-4ubuntu0.1)
devel_opencv: released (3.2.0+dfsg-4.1ubuntu0.1)