Lucene search
GitHub Advisory DatabaseGHSA-M6VM-8G8V-XFJHHistoryOct 12, 2021 - 10:23 p.m.
Out-of-bounds Write in OpenCV
2021-10-1222:23:13
CWE-787
GitHub Advisory Database
github.com
11
0.137 Low
EPSS
Percentile
95.6%
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 (corresponds with OpenCV-Python 4.1.0.25). A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| opencv-contrib-python-headless | le | 4.1.0.25 | |
| opencv-contrib-python | le | 4.1.0.25 | |
| opencv-python-headless | le | 4.1.0.25 | |
| opencv-python | le | 4.1.0.25 |
References
github.com/advisories/GHSA-m6vm-8g8v-xfjh
github.com/opencv/opencv-python/releases/tag/25
github.com/opencv/opencv/issues/16951
nvd.nist.gov/vuln/detail/CVE-2019-5063
talosintelligence.com/vulnerability_reports/TALOS-2019-0852
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
Related
osv
osv
Out-of-bounds Write in OpenCV
2021-10-12 22:23:13
CVE-2019-5063
2020-01-03 17:15:12
cve
cve
CVE-2019-5063
2020-01-03 17:15:00
redhatcve
redhatcve
CVE-2019-5063
2020-01-11 15:09:44
veracode
veracode
Denial Of Service (DoS)
2020-01-09 07:06:54
debiancve
debiancve
CVE-2019-5063
2020-01-03 17:15:00
prion
prion
Heap overflow
2020-01-03 17:15:00
cvelist
cvelist
CVE-2019-5063
2020-01-03 16:57:31
ubuntucve
ubuntucve
CVE-2019-5063
2020-01-03 00:00:00
talos
talos
OpenCV XML Persistence Parser Buffer Overflow Vulnerability
2020-01-02 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Two buffer overflow vulnerabilities in OpenCV
2020-01-02 14:44:45
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00