OpenCV means Intel® Open Source Computer Vision Library. It is a collection of C functions and a few C++ classes that implement some popular Image Processing and Computer Vision algorithms.
{"redhatcve": [{"lastseen": "2022-06-08T08:12:14", "description": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-09-13T13:51:18", "type": "redhatcve", "title": "CVE-2019-14491", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491"], "modified": "2022-06-08T06:21:52", "id": "RH:CVE-2019-14491", "href": "https://access.redhat.com/security/cve/cve-2019-14491", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:30:12", "description": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. 
There\nis an out of bounds read in the function\ncv::predictOrdered<cv::HaarEvaluator> in\nmodules/objdetect/src/cascadedetect.hpp, which leads to denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2019-08-01T00:00:00", "type": "ubuntucve", "title": "CVE-2019-14491", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491"], "modified": "2019-08-01T00:00:00", "id": "UB:CVE-2019-14491", "href": "https://ubuntu.com/security/CVE-2019-14491", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "github": [{"lastseen": "2022-04-15T14:32:17", "description": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 (OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26). 
There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-10-12T22:07:14", "type": "github", "title": "Out-of-bounds Read in OpenCV", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491"], "modified": "2021-10-12T22:07:14", "id": "GHSA-FM39-CW8H-3P63", "href": "https://github.com/advisories/GHSA-fm39-cw8h-3p63", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "osv": [{"lastseen": "2022-06-10T04:57:45", "description": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 (OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26). 
There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-10-12T22:07:14", "type": "osv", "title": "Out-of-bounds Read in OpenCV", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491"], "modified": "2022-06-10T02:17:05", "id": "OSV:GHSA-FM39-CW8H-3P63", "href": "https://osv.dev/vulnerability/GHSA-fm39-cw8h-3p63", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-10-16T00:22:00", "description": "Update to 3.4.8\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Fedora 31 : opencv (2019-20ef0e76fe)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2019-14491"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:opencv", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-20EF0E76FE.NASL", "href": "https://www.tenable.com/plugins/nessus/131444", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-20ef0e76fe.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131444);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-14491\");\n script_xref(name:\"FEDORA\", value:\"2019-20ef0e76fe\");\n\n script_name(english:\"Fedora 31 : opencv (2019-20ef0e76fe)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 3.4.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-20ef0e76fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opencv package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"opencv-3.4.8-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opencv\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:14:28", "description": "This update for opencv fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352).\n\nCVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348).\n\nCVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\nNon-security issue fixed :\n\nFixed an issue in opencv-devel that broke builds with 'No rule to make target opencv_calib3d-NOTFOUND' (bsc#1154091).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : opencv (SUSE-SU-2019:3192-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14491", "CVE-2019-14492", "CVE-2019-15939"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:opencv-debuginfo", "p-cpe:/a:novell:suse_linux:opencv-debugsource", "p-cpe:/a:novell:suse_linux:python2-opencv", "p-cpe:/a:novell:suse_linux:python2-opencv-debuginfo", "p-cpe:/a:novell:suse_linux:python3-opencv", "p-cpe:/a:novell:suse_linux:python3-opencv-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-3192-2.NASL", "href": "https://www.tenable.com/plugins/nessus/138254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3192-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138254);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2019-14491\", \"CVE-2019-14492\", \"CVE-2019-15939\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : opencv (SUSE-SU-2019:3192-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opencv fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14491: Fixed an out of bounds read in the function\ncv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352).\n\nCVE-2019-14492: 
Fixed an out of bounds read/write in the function\nHaarEvaluator:OptFeature:calc, which leads to denial of service\n(bsc#1144348).\n\nCVE-2019-15939: Fixed a divide-by-zero error in\ncv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\nNon-security issue fixed :\n\nFixed an issue in opencv-devel that broke builds with 'No rule to make\ntarget opencv_calib3d-NOTFOUND' (bsc#1154091).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15939/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193192-2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?302a3300\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch 
SUSE-SLE-Product-WE-15-SP2-2020-1875=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1875=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1875=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14491\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opencv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", 
reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opencv\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-16T12:35:25", "description": "This update for opencv fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352).\n\n - CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348).\n\n - CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\nNon-security issue fixed :\n\n - Fixed an issue in opencv-devel that broke builds with 'No rule to make target opencv_calib3d-NOTFOUND' (bsc#1154091).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opencv (openSUSE-2019-2671)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14491", "CVE-2019-14492", "CVE-2019-15939"], "modified": 
"2019-12-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopencv3_3", "p-cpe:/a:novell:opensuse:libopencv3_3-debuginfo", "p-cpe:/a:novell:opensuse:opencv", "p-cpe:/a:novell:opensuse:opencv-debuginfo", "p-cpe:/a:novell:opensuse:opencv-debugsource", "p-cpe:/a:novell:opensuse:opencv-devel", "p-cpe:/a:novell:opensuse:python2-opencv", "p-cpe:/a:novell:opensuse:python2-opencv-debuginfo", "p-cpe:/a:novell:opensuse:python3-opencv", "p-cpe:/a:novell:opensuse:python3-opencv-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2671.NASL", "href": "https://www.tenable.com/plugins/nessus/131996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2671.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131996);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/16\");\n\n script_cve_id(\"CVE-2019-14491\", \"CVE-2019-14492\", \"CVE-2019-15939\");\n\n script_name(english:\"openSUSE Security Update : opencv (openSUSE-2019-2671)\");\n script_summary(english:\"Check for the openSUSE-2019-2671 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for opencv fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14491: Fixed an out of bounds read in the\n function cv:predictOrdered<cv:HaarEvaluator>, leading to\n DOS (bsc#1144352).\n\n - CVE-2019-14492: Fixed an out of bounds read/write in the\n function HaarEvaluator:OptFeature:calc, which leads to\n denial of service (bsc#1144348).\n\n - CVE-2019-15939: Fixed a divide-by-zero error in\n cv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\nNon-security issue fixed :\n\n - Fixed an issue in opencv-devel that broke builds with\n 'No rule to 
make target opencv_calib3d-NOTFOUND'\n (bsc#1154091).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154091\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected opencv packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopencv3_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopencv3_3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opencv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opencv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:python3-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libopencv3_3-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libopencv3_3-debuginfo-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opencv-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"opencv-debuginfo-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opencv-debugsource-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opencv-devel-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python2-opencv-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python2-opencv-debuginfo-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-opencv-3.3.1-lp151.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-opencv-debuginfo-3.3.1-lp151.6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopencv3_3 / libopencv3_3-debuginfo / opencv / opencv-debuginfo / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:18:26", "description": "This update for opencv fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered<haarevaluator>, leading to DOS (bsc#1144352).\n</haarevaluator>\n\nCVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348).\n\nCVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\nNon-security issue fixed: Fixed an issue in opencv-devel that broke builds with 'No rule to make target opencv_calib3d-NOTFOUND' (bsc#1154091).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2019-12-06T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : opencv (SUSE-SU-2019:3192-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14491", "CVE-2019-14492", "CVE-2019-15939"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:opencv-debuginfo", "p-cpe:/a:novell:suse_linux:opencv-debugsource", "p-cpe:/a:novell:suse_linux:opencv-doc", "p-cpe:/a:novell:suse_linux:python2-opencv", "p-cpe:/a:novell:suse_linux:python2-opencv-debuginfo", "p-cpe:/a:novell:suse_linux:python3-opencv", "p-cpe:/a:novell:suse_linux:python3-opencv-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-3192-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3192-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131760);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-14491\", \"CVE-2019-14492\", \"CVE-2019-15939\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : opencv (SUSE-SU-2019:3192-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opencv fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14491: Fixed an out of bounds read in the function\ncv:predictOrdered<HaarEvaluator>, leading to DOS 
(bsc#1144352).\n\nCVE-2019-14492: Fixed an out of bounds read/write in the function\nHaarEvaluator:OptFeature:calc, which leads to denial of service\n(bsc#1144348).\n\nCVE-2019-15939: Fixed a divide-by-zero error in\ncv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\nNon-security issue fixed: Fixed an issue in opencv-devel that broke\nbuilds with 'No rule to make target opencv_calib3d-NOTFOUND'\n(bsc#1154091).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15939/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193192-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?527c39e4\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 
15-SP1:zypper in -t patch\nSUSE-SLE-Product-WE-15-SP1-2019-3192=1\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-3192=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15:zypper in\n-t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-3192=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3192=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-3192=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opencv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:opencv-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-opencv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-opencv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"opencv-doc-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"opencv-doc-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"opencv-doc-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"opencv-debugsource-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"opencv-doc-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python2-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python2-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-opencv-3.3.1-6.6.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-opencv-debuginfo-3.3.1-6.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opencv\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-14T14:48:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for opencv FEDORA-2019-20ef0e76fe", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14491"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877311", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it 
and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877311\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-14491\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:37:26 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for opencv FEDORA-2019-20ef0e76fe\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-20ef0e76fe\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'opencv'\n package(s) announced via the FEDORA-2019-20ef0e76fe advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the 
target host.\");\n\n script_tag(name:\"insight\", value:\"OpenCV means Intel Open Source Computer Vision Library. It is a collection of\nC functions and a few C++ classes that implement some popular Image Processing\nand Computer Vision algorithms.\");\n\n script_tag(name:\"affected\", value:\"'opencv' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"opencv\", rpm:\"opencv~3.4.8~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-31T16:30:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for opencv (openSUSE-SU-2019:2671-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15939", "CVE-2019-14491", "CVE-2019-14492"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852938", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your 
option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852938\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-14491\", \"CVE-2019-14492\", \"CVE-2019-15939\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:46:42 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for opencv (openSUSE-SU-2019:2671-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2671-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'opencv'\n package(s) announced via the openSUSE-SU-2019:2671-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for opencv fixes the following issues:\n\n Security issues fixed:\n\n - 
CVE-2019-14491: Fixed an out of bounds read in the function\n cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352).\n\n - CVE-2019-14492: Fixed an out of bounds read/write in the function\n HaarEvaluator:OptFeature:calc, which leads to denial of service\n (bsc#1144348).\n\n - CVE-2019-15939: Fixed a divide-by-zero error in\n cv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\n Non-security issue fixed:\n\n - Fixed an issue in opencv-devel that broke builds with 'No rule to make\n target opencv_calib3d-NOTFOUND' (bsc#1154091).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2671=1\");\n\n script_tag(name:\"affected\", value:\"'opencv' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libopencv3_3\", rpm:\"libopencv3_3~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopencv3_3-debuginfo\", rpm:\"libopencv3_3-debuginfo~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opencv\", rpm:\"opencv~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opencv-debuginfo\", rpm:\"opencv-debuginfo~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opencv-debugsource\", rpm:\"opencv-debugsource~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opencv-devel\", rpm:\"opencv-devel~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"opencv-doc\", rpm:\"opencv-doc~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-opencv\", rpm:\"python2-opencv~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-opencv-debuginfo\", rpm:\"python2-opencv-debuginfo~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-opencv\", rpm:\"python3-opencv~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-opencv-debuginfo\", rpm:\"python3-opencv-debuginfo~3.3.1~lp151.6.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T20:35:24", "description": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. 
There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-08-01T17:15:00", "type": "cve", "title": "CVE-2019-14491", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491"], "modified": "2019-12-02T03:15:00", "cpe": [], "id": "CVE-2019-14491", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14491", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}], "debiancve": [{"lastseen": "2022-07-04T06:01:18", "description": "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. 
There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-08-01T17:15:00", "type": "debiancve", "title": "CVE-2019-14491", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491"], "modified": "2019-08-01T17:15:00", "id": "DEBIANCVE:CVE-2019-14491", "href": "https://security-tracker.debian.org/tracker/CVE-2019-14491", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:41:34", "description": "An update that solves three vulnerabilities and has one\n errata is now available.\n\nDescription:\n\n This update for opencv fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-14491: Fixed an out of bounds read in the function\n cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352).\n - CVE-2019-14492: Fixed an out of bounds read/write in the function\n HaarEvaluator:OptFeature:calc, which leads to denial of service\n (bsc#1144348).\n - CVE-2019-15939: Fixed a divide-by-zero 
error in\n cv:HOGDescriptor:getDescriptorSize (bsc#1149742).\n\n Non-security issue fixed:\n\n - Fixed an issue in opencv-devel that broke builds with \"No rule to make\n target opencv_calib3d-NOTFOUND\" (bsc#1154091).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2671=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-12-11T00:00:00", "type": "suse", "title": "Security update for opencv (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491", "CVE-2019-14492", "CVE-2019-15939"], "modified": "2019-12-11T00:00:00", "id": "OPENSUSE-SU-2019:2671-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JGAQFMV6GQEJ2HUR6FWVV3CJH3MNBECB/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ibm": [{"lastseen": 
"2022-06-28T21:58:08", "description": "## Summary\n\nMultiple Vulnerabilities CVE-2019-14493, CVE-2019-14492 and CVE-2019-14491 were found in OpenCV package.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-14493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14493>) \n**DESCRIPTION: **An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164695>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-14492](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14492>) \n**DESCRIPTION: **\n\nAn issue was discovered in OpenCV versions earlier than 3.4.7 and version 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164696>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-14491](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14491>) \n**DESCRIPTION: **An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164697](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164697>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM PowerAI | 1.5.4 \nIBM PowerAI | 1.6.0 \nWatson Machine Learning Community Edition | 1.6.1 \nWatson Machine Learning Community Edition | 1.6.2 \nWatson Machine Learning Accelerator | 1.1.2 \n \nNote : The product was renamed after the 1.6.0 version.\n\n## Remediation/Fixes\n\n**For IBM PowerAI 1.5.4 and Watson Machine Learning Accelerator 1.1.2:**\n\nDownload fix : [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+PowerAI&fixids=powerai-security-fix-ppc64le-rhel-1.5.4&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+PowerAI&fixids=powerai-security-fix-ppc64le-rhel-1.5.4&source=SAR>)\n\nInstall instructions: <https://www.ibm.com/support/pages/node/1135077>\n\n**For IBM PowerAI 1.6.0 and Watson Machine Learning Community Edition 1.6.1 :**\n\nUpgrade to WML CE 1.6.2, which includes the fixes. See <https://www.ibm.com/support/knowledgecenter/SS5SF7> for upgrading instructions.\n\n**For Watson Machine Learning Community Edition 1.6.2 :**\n\n**For installing WML CE from scratch**\n\nNew installations of WML CE include all security fixes. See <https://www.ibm.com/support/knowledgecenter/SS5SF7> for installation instructions.\n\n## **Updating an existing WML CE installation**\n\nIt is recommended to keep packages up to date. 
To update all packages to the latest versions use:\n \n \n conda update --all\n \n\nTo update individual packages, use the package name:\n \n \n conda update tensorboard\n \n\nIf you have previously installed WML CE using the `powerai` meta-package, you can also use that to update to the latest packages.\n \n \n conda update powerai\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 Jan 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. 
In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SGLMYS\",\"label\":\"IBM PowerAI\"},\"Component\":\"OpenCV\",\"Platform\":[{\"code\":\"PF043\",\"label\":\"Red Hat\"}],\"Version\":\"1.5.4, 1.6.0, 1.6.1, 1.6.2\",\"Edition\":\"ALL\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}},{\"Business Unit\":{\"code\":null,\"label\":null},\"Product\":{\"code\":\"SSFHA8\",\"label\":\"IBM PowerAI Enterprise\"},\"Component\":\"OpenCV\",\"Platform\":[{\"code\":\"PF043\",\"label\":\"Red Hat\"}],\"Version\":\"1.1.2\",\"Edition\":\"ALL\",\"Line of Business\":{\"code\":null,\"label\":null}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-01-22T18:27:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in OpenCV shipped with PowerAI", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491", "CVE-2019-14492", "CVE-2019-14493"], "modified": "2020-01-22T18:27:12", "id": "3692033070AB9910DECF1CF8B9777DCE35F8723CF30BCE33D350FA4F1A4EC52E", "href": "https://www.ibm.com/support/pages/node/1274914", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The updated packages fix security vulnerabilities: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14491) An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14492) An issue was discovered in OpenCV 4.1.0. 
There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. (CVE-2019-15939) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-01-11T23:52:04", "type": "mageia", "title": "Updated opencv packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14491", "CVE-2019-14492", "CVE-2019-15939"], "modified": "2020-01-11T23:52:04", "id": "MGASA-2020-0030", "href": "https://advisories.mageia.org/MGASA-2020-0030.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}]}