{"containers": {"cna": {"affected": [{"product": "OpenCV 3.0.0", "vendor": "n/a", "versions": [{"status": "affected", "version": "OpenCV 3.0.0"}]}], "datePublic": "2017-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "double free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-30T21:06:13", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/opencv/opencv/issues/5956"}, {"tags": ["x_refsource_MISC"], "url": "https://arxiv.org/pdf/1701.04739.pdf"}, {"name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1516", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenCV 3.0.0", "version": {"version_data": [{"version_value": "OpenCV 3.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "double free"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"}, {"name": "https://github.com/opencv/opencv/issues/5956", "refsource": "MISC", "url": "https://github.com/opencv/opencv/issues/5956"}, {"name": "https://arxiv.org/pdf/1701.04739.pdf", "refsource": "MISC", "url": "https://arxiv.org/pdf/1701.04739.pdf"}, {"name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.835Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/opencv/opencv/issues/5956"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://arxiv.org/pdf/1701.04739.pdf"}, {"name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1516", "datePublished": "2017-04-10T03:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2024-08-05T22:55:14.835Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opencv:opencv:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C74D9691-E343-4669-905A-59DF09BA24C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code."}, {"lang": "es", "value": "OpenCV 3.0.0 tiene un problema de liberaci\u00f3n doble que permite a atacantes ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2016-1516", "lastModified": "2024-11-21T02:46:35.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-10T03:59:01.093", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://arxiv.org/pdf/1701.04739.pdf"}, {"source": "cret@cert.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/opencv/opencv/issues/5956"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://arxiv.org/pdf/1701.04739.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/opencv/opencv/issues/5956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "opencv: Double free vulnerability on crafted image", "id": "1443528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443528"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.", "A double-free flaw was found in the way OpenCV handled processing of image files. This flaw could potentially be used to crash applications using OpenCV by tricking users into processing specially crafted image files."], "name": "CVE-2016-1516", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "opencv", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "opencv", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-01-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1516\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1516\nhttps://arxiv.org/pdf/1701.04739.pdf"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}