31 results (0.004 seconds)

CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 1

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer de almacenamiento dinámico explotable en la funcionalidad de persistencia de la estructura de datos de OpenCV, anterior a la versión 4.2.0. Un archivo JSON especialmente diseñado puede causar un desbordamiento del búfer, lo que da como resultado múltiples corrupciones en el montón y, potencialmente, la ejecución del código. • https://github.com/opencv/opencv/issues/15857 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 13%CPEs: 4EXPL: 1

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer de la pila en la funcionalidad de persistencia de la estructura de datos de OpenCV versión 4.1.0. Un archivo XML especialmente diseñado puede causar un desbordamiento de búfer, resultando en múltiples corrupciones de la pila y potencialmente una ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. Se detectó una lectura fuera de límites en OpenCV versiones anteriores a 4.1.1. Específicamente, una variable coarsest_scale es asumida para ser mayor o igual que finest_scale dentro de las funciones calc() y ocl_calc() en el archivo dis_flow.cpp. • https://access.redhat.com/security/cve/cve-2019-19624 https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 https://github.com/opencv/opencv/issues/14554 • CWE-125: Out-of-bounds Read •

CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. Se detectó un problema en OpenCV versión 4.1.0. Hay un error de división por cero en cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html https://github.com/OpenCV/opencv/issues/15287 https://github.com/opencv/opencv/pull/15382 https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-369: Divide By Zero •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. Se detectó un problema en OpenCV anterior a versión 4.1.1. Se presenta una desreferencia de puntero NULL en la función cv::XMLParser::parse en el archivo modules/core/src/persistence.cpp. • https://github.com/opencv/opencv/compare/371bba8...ddbd10c https://github.com/opencv/opencv/issues/15127 https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html • CWE-476: NULL Pointer Dereference •