Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jypn-sttp-tkgm
Vulnerability ID VCID-jypn-sttp-tkgm
Aliases CVE-2019-5064
GHSA-q799-q27x-vp7w
Summary Out-of-bounds Write An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/opencv/opencv/issues/15857
https://github.com/opencv/opencv-python/releases/tag/32
https://github.com/opencv/opencv/releases/tag/4.2.0
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
CVE-2019-5064 https://nvd.nist.gov/vuln/detail/CVE-2019-5064
GHSA-q799-q27x-vp7w https://github.com/advisories/GHSA-q799-q27x-vp7w
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:40:09.541307+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/opencv-contrib-python/CVE-2019-5064.yml 38.6.0