Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1qhy-7pnz-aqga

Summary

Out-of-bounds Write
An issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

Aliases

alias	CVE-2019-14492

alias	GHSA-fw99-f933-rgh8

Fixed_packages

url pkg:pypi/opencv-contrib-python@3.4.7.28

purl pkg:pypi/opencv-contrib-python@3.4.7.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-58aj-jc6y-dqcg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@3.4.7.28

url pkg:pypi/opencv-contrib-python@4.1.1.26

purl pkg:pypi/opencv-contrib-python@4.1.1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-58aj-jc6y-dqcg

vulnerability	VCID-h7gk-61kp-8ygz

vulnerability	VCID-kxqz-tbvz-gfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.1.1.26

url pkg:pypi/opencv-contrib-python-headless@3.4.7.28

purl pkg:pypi/opencv-contrib-python-headless@3.4.7.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qn1c-mtud-5kbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@3.4.7.28

url pkg:pypi/opencv-contrib-python-headless@4.1.1.26

purl pkg:pypi/opencv-contrib-python-headless@4.1.1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h7gk-61kp-8ygz

vulnerability	VCID-kxqz-tbvz-gfcs

vulnerability	VCID-qn1c-mtud-5kbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@4.1.1.26

url pkg:pypi/opencv-python@3.4.7.28

purl pkg:pypi/opencv-python@3.4.7.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73g1-r39e-z7ez

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@3.4.7.28

url pkg:pypi/opencv-python@4.1.1.26

purl pkg:pypi/opencv-python@4.1.1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-73g1-r39e-z7ez

vulnerability	VCID-h7gk-61kp-8ygz

vulnerability	VCID-kxqz-tbvz-gfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@4.1.1.26

url pkg:pypi/opencv-python-headless@3.4.7.28

purl pkg:pypi/opencv-python-headless@3.4.7.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jxkd-vrvp-5bhm

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@3.4.7.28

url pkg:pypi/opencv-python-headless@4.1.1.26

purl pkg:pypi/opencv-python-headless@4.1.1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h7gk-61kp-8ygz

vulnerability	VCID-jxkd-vrvp-5bhm

vulnerability	VCID-kxqz-tbvz-gfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@4.1.1.26

Affected_packages

url pkg:pypi/opencv-contrib-python@3.4.6.27

purl pkg:pypi/opencv-contrib-python@3.4.6.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-58aj-jc6y-dqcg

vulnerability	VCID-dv7w-p358-1qda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@3.4.6.27

url pkg:pypi/opencv-contrib-python@4.0.0.21

purl pkg:pypi/opencv-contrib-python@4.0.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-58aj-jc6y-dqcg

vulnerability	VCID-dv7w-p358-1qda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.0.0.21

url pkg:pypi/opencv-contrib-python@4.1.0.25

purl pkg:pypi/opencv-contrib-python@4.1.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-21n5-7ukh-gyfr

vulnerability	VCID-25vm-cytf-bqb1

vulnerability	VCID-3zc6-3229-wfcc

vulnerability	VCID-58aj-jc6y-dqcg

vulnerability	VCID-dv7w-p358-1qda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.1.0.25

url pkg:pypi/opencv-contrib-python-headless@3.4.6.27

purl pkg:pypi/opencv-contrib-python-headless@3.4.6.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-dv7w-p358-1qda

vulnerability	VCID-qn1c-mtud-5kbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@3.4.6.27

url pkg:pypi/opencv-contrib-python-headless@4.0.0.21

purl pkg:pypi/opencv-contrib-python-headless@4.0.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-dv7w-p358-1qda

vulnerability	VCID-qn1c-mtud-5kbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@4.0.0.21

url pkg:pypi/opencv-contrib-python-headless@4.1.0.25

purl pkg:pypi/opencv-contrib-python-headless@4.1.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-21n5-7ukh-gyfr

vulnerability	VCID-25vm-cytf-bqb1

vulnerability	VCID-3zc6-3229-wfcc

vulnerability	VCID-dv7w-p358-1qda

vulnerability	VCID-qn1c-mtud-5kbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@4.1.0.25

url pkg:pypi/opencv-python@3.4.6.27

purl pkg:pypi/opencv-python@3.4.6.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-73g1-r39e-z7ez

vulnerability	VCID-dv7w-p358-1qda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@3.4.6.27

url pkg:pypi/opencv-python@4.0.0.21

purl pkg:pypi/opencv-python@4.0.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-73g1-r39e-z7ez

vulnerability	VCID-dv7w-p358-1qda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@4.0.0.21

url pkg:pypi/opencv-python@4.1.0.25

purl pkg:pypi/opencv-python@4.1.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-21n5-7ukh-gyfr

vulnerability	VCID-25vm-cytf-bqb1

vulnerability	VCID-3zc6-3229-wfcc

vulnerability	VCID-73g1-r39e-z7ez

vulnerability	VCID-dv7w-p358-1qda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@4.1.0.25

url pkg:pypi/opencv-python-headless@3.4.6.27

purl pkg:pypi/opencv-python-headless@3.4.6.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-dv7w-p358-1qda

vulnerability	VCID-jxkd-vrvp-5bhm

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@3.4.6.27

url pkg:pypi/opencv-python-headless@4.0.0.21

purl pkg:pypi/opencv-python-headless@4.0.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-dv7w-p358-1qda

vulnerability	VCID-jxkd-vrvp-5bhm

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@4.0.0.21

url pkg:pypi/opencv-python-headless@4.1.0.25

purl pkg:pypi/opencv-python-headless@4.1.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qhy-7pnz-aqga

vulnerability	VCID-21n5-7ukh-gyfr

vulnerability	VCID-25vm-cytf-bqb1

vulnerability	VCID-3zc6-3229-wfcc

vulnerability	VCID-dv7w-p358-1qda

vulnerability	VCID-jxkd-vrvp-5bhm

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@4.1.0.25

References

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html

reference_url	https://github.com/opencv/opencv/compare/33b765d...4a7ca5a
reference_id
reference_type
scores
url	https://github.com/opencv/opencv/compare/33b765d...4a7ca5a

reference_url	https://github.com/opencv/opencv/compare/371bba8...ddbd10c
reference_id
reference_type
scores
url	https://github.com/opencv/opencv/compare/371bba8...ddbd10c

reference_url	https://github.com/opencv/opencv/issues/15124
reference_id
reference_type
scores
url	https://github.com/opencv/opencv/issues/15124

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-14492
reference_id	CVE-2019-14492
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-14492

reference_url	https://github.com/advisories/GHSA-fw99-f933-rgh8
reference_id	GHSA-fw99-f933-rgh8
reference_type
scores
url	https://github.com/advisories/GHSA-fw99-f933-rgh8

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	125
name	Out-of-bounds Read
description	The product reads data past the end, or before the beginning, of the intended buffer.

cwe_id	787
name	Out-of-bounds Write
description	The product writes data past the end, or before the beginning, of the intended buffer.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qhy-7pnz-aqga

Vulnerability Instance