A flaw was found in OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. [UPSTREAM BUG] https://github.com/opencv/opencv/issues/10479 [UPSTREAM PATCH] https://github.com/opencv/opencv/pull/10480
Created opencv tracking bugs for this issue: Affects: fedora-all [bug 1531277]
RHEL6 and 7 don't ship the affected code, RHEL8 already contains the fix.
Statement: This issue did not affect the versions of opencv as shipped with Red Hat Enterprise Linux 6, 7, and 8.