{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41566?format=json","vulnerability_id":"VCID-1qhy-7pnz-aqga","summary":"Out-of-bounds Write\nAn issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.","aliases":[{"alias":"CVE-2019-14492"},{"alias":"GHSA-fw99-f933-rgh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50906?format=json","purl":"pkg:pypi/opencv-contrib-python@3.4.7.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-58aj-jc6y-dqcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@3.4.7.28"},{"url":"http://public2.vulnerablecode.io/api/packages/50929?format=json","purl":"pkg:pypi/opencv-contrib-python@4.1.1.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-58aj-jc6y-dqcg"},{"vulnerability":"VCID-h7gk-61kp-8ygz"},{"vulnerability":"VCID-kxqz-tbvz-gfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.1.1.26"},{"url":"http://public2.vulnerablecode.io/api/packages/50844?format=json","purl":"pkg:pypi/opencv-contrib-python-headless@3.4.7.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qn1c-mtud-5kbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@3.4.7.28"},{"url":"http://public2.vulnerablecode.io/api/packages/50867?format=json","purl":"pkg:pypi/opencv-contrib-python-headless@4.1.1.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7gk-61kp-8ygz"},{"vulnerability":"VCID-kxqz-tbvz-gfcs"},{"vulnerability":"VCID-qn1c-mtud-5kbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@4.1.1.26"},{"url":"http://public2.vulnerablecode.io/api/packages/50966?format=json","purl":"pkg:pypi/opencv-python@3.4.7.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73g1-r39e-z7ez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@3.4.7.28"},{"url":"http://public2.vulnerablecode.io/api/packages/50989?format=json","purl":"pkg:pypi/opencv-python@4.1.1.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73g1-r39e-z7ez"},{"vulnerability":"VCID-h7gk-61kp-8ygz"},{"vulnerability":"VCID-kxqz-tbvz-gfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@4.1.1.26"},{"url":"http://public2.vulnerablecode.io/api/packages/51072?format=json","purl":"pkg:pypi/opencv-python-headless@3.4.7.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jxkd-vrvp-5bhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@3.4.7.28"},{"url":"http://public2.vulnerablecode.io/api/packages/51093?format=json","purl":"pkg:pypi/opencv-python-headless@4.1.1.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7gk-61kp-8ygz"},{"vulnerability":"VCID-jxkd-vrvp-5bhm"},{"vulnerability":"VCID-kxqz-tbvz-gfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@4.1.1.26"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50905?format=json","purl":"pkg:pypi/opencv-contrib-python@3.4.6.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-58aj-jc6y-dqcg"},{"vulnerability":"VCID-dv7w-p358-1qda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@3.4.6.27"},{"url":"http://public2.vulnerablecode.io/api/packages/50925?format=json","purl":"pkg:pypi/opencv-contrib-python@4.0.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-58aj-jc6y-dqcg"},{"vulnerability":"VCID-dv7w-p358-1qda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.0.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/50928?format=json","purl":"pkg:pypi/opencv-contrib-python@4.1.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-58aj-jc6y-dqcg"},{"vulnerability":"VCID-dv7w-p358-1qda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.1.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/50843?format=json","purl":"pkg:pypi/opencv-contrib-python-headless@3.4.6.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-qn1c-mtud-5kbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@3.4.6.27"},{"url":"http://public2.vulnerablecode.io/api/packages/50863?format=json","purl":"pkg:pypi/opencv-contrib-python-headless@4.0.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-qn1c-mtud-5kbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@4.0.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/50866?format=json","purl":"pkg:pypi/opencv-contrib-python-headless@4.1.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-qn1c-mtud-5kbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python-headless@4.1.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/50965?format=json","purl":"pkg:pypi/opencv-python@3.4.6.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-73g1-r39e-z7ez"},{"vulnerability":"VCID-dv7w-p358-1qda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@3.4.6.27"},{"url":"http://public2.vulnerablecode.io/api/packages/50985?format=json","purl":"pkg:pypi/opencv-python@4.0.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-73g1-r39e-z7ez"},{"vulnerability":"VCID-dv7w-p358-1qda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@4.0.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/50988?format=json","purl":"pkg:pypi/opencv-python@4.1.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-73g1-r39e-z7ez"},{"vulnerability":"VCID-dv7w-p358-1qda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python@4.1.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/51071?format=json","purl":"pkg:pypi/opencv-python-headless@3.4.6.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-jxkd-vrvp-5bhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@3.4.6.27"},{"url":"http://public2.vulnerablecode.io/api/packages/51090?format=json","purl":"pkg:pypi/opencv-python-headless@4.0.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-jxkd-vrvp-5bhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@4.0.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/51092?format=json","purl":"pkg:pypi/opencv-python-headless@4.1.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qhy-7pnz-aqga"},{"vulnerability":"VCID-21n5-7ukh-gyfr"},{"vulnerability":"VCID-25vm-cytf-bqb1"},{"vulnerability":"VCID-3zc6-3229-wfcc"},{"vulnerability":"VCID-dv7w-p358-1qda"},{"vulnerability":"VCID-jxkd-vrvp-5bhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-python-headless@4.1.0.25"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html"},{"reference_url":"https://github.com/opencv/opencv/compare/33b765d...4a7ca5a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/compare/33b765d...4a7ca5a"},{"reference_url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c"},{"reference_url":"https://github.com/opencv/opencv/issues/15124","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/issues/15124"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14492","reference_id":"CVE-2019-14492","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14492"},{"reference_url":"https://github.com/advisories/GHSA-fw99-f933-rgh8","reference_id":"GHSA-fw99-f933-rgh8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fw99-f933-rgh8"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe_id":787,"name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qhy-7pnz-aqga"}