| 0 |
| url |
VCID-1qhy-7pnz-aqga |
| vulnerability_id |
VCID-1qhy-7pnz-aqga |
| summary |
Out-of-bounds Write
An issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-14492, GHSA-fw99-f933-rgh8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1qhy-7pnz-aqga |
|
| 1 |
| url |
VCID-21n5-7ukh-gyfr |
| vulnerability_id |
VCID-21n5-7ukh-gyfr |
| summary |
NULL Pointer Dereference
An issue was discovered in OpenCV There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-14493, GHSA-3448-vrgh-85xr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-21n5-7ukh-gyfr |
|
| 2 |
| url |
VCID-25vm-cytf-bqb1 |
| vulnerability_id |
VCID-25vm-cytf-bqb1 |
| summary |
Out-of-bounds Write
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-5063, GHSA-m6vm-8g8v-xfjh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-25vm-cytf-bqb1 |
|
| 3 |
| url |
VCID-3zc6-3229-wfcc |
| vulnerability_id |
VCID-3zc6-3229-wfcc |
| summary |
Divide By Zero
An issue was discovered in OpenCV There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-15939, GHSA-hxfw-jm98-v4mq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3zc6-3229-wfcc |
|
| 4 |
| url |
VCID-dv7w-p358-1qda |
| vulnerability_id |
VCID-dv7w-p358-1qda |
| summary |
Out-of-bounds Read
An issue was discovered in OpenCV There is an out-of-bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-14491, GHSA-fm39-cw8h-3p63
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dv7w-p358-1qda |
|
| 5 |
| url |
VCID-fjy7-r2wm-n3b4 |
| vulnerability_id |
VCID-fjy7-r2wm-n3b4 |
| summary |
Out-of-bounds Read
An out-of-bounds read was discovered in OpenCV Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-19624, GHSA-jggw-2q6g-c3m6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fjy7-r2wm-n3b4 |
|
| 6 |
| url |
VCID-h4q9-6f9w-c3ag |
| vulnerability_id |
VCID-h4q9-6f9w-c3ag |
| summary |
opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/opencv/opencv-python |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/opencv/opencv-python |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
GHSA-w2pj-9cgh-mq2c
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h4q9-6f9w-c3ag |
|
| 7 |
| url |
VCID-h7gk-61kp-8ygz |
| vulnerability_id |
VCID-h7gk-61kp-8ygz |
| summary |
Out-of-bounds Read
OpenCV has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-16249, GHSA-x3rm-644h-67m8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h7gk-61kp-8ygz |
|
| 8 |
| url |
VCID-jypn-sttp-tkgm |
| vulnerability_id |
VCID-jypn-sttp-tkgm |
| summary |
Out-of-bounds Write
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-5064, GHSA-q799-q27x-vp7w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jypn-sttp-tkgm |
|
| 9 |
| url |
VCID-kxqz-tbvz-gfcs |
| vulnerability_id |
VCID-kxqz-tbvz-gfcs |
| summary |
Out-of-bounds Write
In opencv calls that use libpng, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616 |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-9423, GHSA-8849-5h85-98qw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kxqz-tbvz-gfcs |
|
| 10 |
| url |
VCID-qn1c-mtud-5kbq |
| vulnerability_id |
VCID-qn1c-mtud-5kbq |
| summary |
opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2. |
| references |
|
| fixed_packages |
|
| aliases |
PYSEC-2023-182
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qn1c-mtud-5kbq |
|