CVE-2019-19624
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
Se detectó una lectura fuera de límites en OpenCV versiones anteriores a 4.1.1. Específicamente, una variable coarsest_scale es asumida para ser mayor o igual que finest_scale dentro de las funciones calc() y ocl_calc() en el archivo dis_flow.cpp. Sin embargo, esto no es cierto cuando se trata de imágenes pequeñas, conllevando a una lectura fuera de límites de las matrices Ux y Uy asignadas de la pila.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-06 CVE Reserved
- 2019-12-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://access.redhat.com/security/cve/cve-2019-19624 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/opencv/opencv/issues/14554 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 | 2019-12-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opencv Search vendor "Opencv" | Opencv Search vendor "Opencv" for product "Opencv" | < 4.1.1 Search vendor "Opencv" for product "Opencv" and version " < 4.1.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
|