CVE-2023-2618 – OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak
https://notcve.org/view.php?id=CVE-2023-2618
A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. • https://github.com/opencv/opencv_contrib/pull/3484 https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 https://vuldb.com/?ctiid.228548 https://vuldb.com/?id.228548 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-2617 – OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference
https://notcve.org/view.php?id=CVE-2023-2617
A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270 https://github.com/opencv/opencv_contrib/pull/3480 https://vuldb.com/?ctiid.228547 https://vuldb.com/?id.228547 • CWE-476: NULL Pointer Dereference •
CVE-2019-5064
https://notcve.org/view.php?id=CVE-2019-5064
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer de almacenamiento dinámico explotable en la funcionalidad de persistencia de la estructura de datos de OpenCV, anterior a la versión 4.2.0. Un archivo JSON especialmente diseñado puede causar un desbordamiento del búfer, lo que da como resultado múltiples corrupciones en el montón y, potencialmente, la ejecución del código. • https://github.com/opencv/opencv/issues/15857 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2019-5063
https://notcve.org/view.php?id=CVE-2019-5063
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer de la pila en la funcionalidad de persistencia de la estructura de datos de OpenCV versión 4.1.0. Un archivo XML especialmente diseñado puede causar un desbordamiento de búfer, resultando en múltiples corrupciones de la pila y potencialmente una ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2019-19624
https://notcve.org/view.php?id=CVE-2019-19624
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. Se detectó una lectura fuera de límites en OpenCV versiones anteriores a 4.1.1. Específicamente, una variable coarsest_scale es asumida para ser mayor o igual que finest_scale dentro de las funciones calc() y ocl_calc() en el archivo dis_flow.cpp. • https://access.redhat.com/security/cve/cve-2019-19624 https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 https://github.com/opencv/opencv/issues/14554 • CWE-125: Out-of-bounds Read •