The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. References: https://github.com/opencv/opencv/issues/10998 https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert
Created opencv tracking bugs for this issue: Affects: fedora-all [bug 1553468]