CVE-2019-5064
https://notcve.org/view.php?id=CVE-2019-5064
03 Jan 2020 — An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. • https://github.com/opencv/opencv/issues/15857 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write
CVE-2019-5063
https://notcve.org/view.php?id=CVE-2019-5063
03 Jan 2020 — An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write
CVE-2019-19624
https://notcve.org/view.php?id=CVE-2019-19624
06 Dec 2019 — An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. • https://access.redhat.com/security/cve/cve-2019-19624 • CWE-125: Out-of-bounds Read
CVE-2019-15939
https://notcve.org/view.php?id=CVE-2019-15939
05 Sep 2019 — An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html • CWE-369: Divide By Zero
CVE-2019-14493 – Ubuntu Security Notice USN-7247-1
https://notcve.org/view.php?id=CVE-2019-14493
01 Aug 2019 — An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. • https://github.com/opencv/opencv/compare/371bba8...ddbd10c • CWE-476: NULL Pointer Dereference
CVE-2019-14492
https://notcve.org/view.php?id=CVE-2019-14492
01 Aug 2019 — An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write
CVE-2019-14491
https://notcve.org/view.php?id=CVE-2019-14491
01 Aug 2019 — An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered
CVE-2018-7714
https://notcve.org/view.php?id=CVE-2018-7714
05 Mar 2018 — ** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.” • https://github.com/opencv/opencv/issues/10998 • CWE-617: Reachable Assertion
CVE-2018-7712
https://notcve.org/view.php?id=CVE-2018-7712
05 Mar 2018 — ** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.” • https://github.com/opencv/opencv/issues/10998 • CWE-617: Reachable Assertion
CVE-2018-7713
https://notcve.org/view.php?id=CVE-2018-7713
05 Mar 2018 — ** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.” • https://github.com/opencv/opencv/issues/10998 • CWE-617: Reachable Assertion