Lucene search

GitHub Advisory DatabaseGHSA-8849-5H85-98QW

HistoryOct 12, 2021 - 10:22 p.m.

Out-of-bounds Write in OpenCV

2021-10-1222:22:17

CWE-787

GitHub Advisory Database

github.com

opencv

out-of-bounds write

missing bounds check

local escalation

android-10

android id

libpng

privilege escalation

security vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616

Affected configurations

Vulners

Node

opencvopencv-contrib-python-headlessRange≤4.1.1.26

opencvopencv-contrib-pythonRange≤4.1.1.26

opencvopencv-python-headlessRange≤4.1.1.26

opencvpythonRange≤4.1.1.26

VendorProductVersionCPE
opencvopencv-contrib-python-headless*cpe:2.3:a:opencv:opencv-contrib-python-headless:*:*:*:*:*:*:*:*
opencvopencv-contrib-python*cpe:2.3:a:opencv:opencv-contrib-python:*:*:*:*:*:*:*:*
opencvopencv-python-headless*cpe:2.3:a:opencv:opencv-python-headless:*:*:*:*:*:*:*:*
opencvpython*cpe:2.3:a:opencv:python:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opencv	opencv-contrib-python-headless	*	cpe:2.3:a:opencv:opencv-contrib-python-headless::::::::
opencv	opencv-contrib-python	*	cpe:2.3:a:opencv:opencv-contrib-python::::::::
opencv	opencv-python-headless	*	cpe:2.3:a:opencv:opencv-python-headless::::::::
opencv	python	*	cpe:2.3:a:opencv:python::::::::