Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2019-14491
HistoryAug 01, 2019 - 12:00 a.m.

CVE-2019-14491

2019-08-0100:00:00
ubuntu.com
ubuntu.com
9

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There
is an out of bounds read in the function
cv::predictOrdered<cv::HaarEvaluator> in
modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

Notes

Author Note
ccdm94 in xenial and earlier, it is necessary to backport the fix for this CVE. However, changes in the code that have occurred since the release of versions available in xenial and earlier cause this backport to be quite intrusive. To backport and properly apply the patch, it would be necessary to alter library functions that are exported, meaning that it would be necessary to alter their interfaces, which could end up causing regressions in software that uses the opencv library to operate. It also seems like a backported version of the patch does not completely fix the vulnerability, with the POC file causing a similar crash, even after the fix is applied.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopencv< 3.2.0+dfsg-4ubuntu0.1+esm2UNKNOWN

Related

veracode 1
nessus 5
osv 3
redhatcve 1
openvas 2
fedora 1
debiancve 1
prion 1
cve 1
github 1
ubuntucve 1
suse 1
ibm 1
mageia 1
ubuntu 1
veracode
veracode
Denial Of Service (DoS)
2019-09-18 01:41:24
nessus
nessus
Fedora 31 : opencv (2019-20ef0e76fe)
2019-12-03 00:00:00
SUSE SLED15 / SLES15 Security Update : opencv (SUSE-SU-2019:3192-2)
2020-07-09 00:00:00
SUSE SLED15 / SLES15 Security Update : opencv (SUSE-SU-2019:3192-1)
2019-12-06 00:00:00
osv
osv
Out-of-bounds Read in OpenCV
2021-10-12 22:07:14
CVE-2019-14491
2019-08-01 17:15:13
opencv vulnerabilities
2022-09-28 14:52:46
redhatcve
redhatcve
CVE-2019-14491
2019-09-13 13:51:18
openvas
openvas
Fedora Update for opencv FEDORA-2019-20ef0e76fe
2020-01-09 00:00:00
openSUSE: Security Advisory for opencv (openSUSE-SU-2019:2671-1)
2020-01-09 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: opencv-3.4.8-1.fc31
2019-12-02 01:15:06
debiancve
debiancve
CVE-2019-14491
2019-08-01 17:15:00
prion
prion
Out-of-bounds
2019-08-01 17:15:00
cve
cve
CVE-2019-14491
2019-08-01 17:15:00
github
github
Out-of-bounds Read in OpenCV
2021-10-12 22:07:14
ubuntucve
ubuntucve
CVE-2019-14492
2019-08-01 00:00:00
suse
suse
Security update for opencv (moderate)
2019-12-11 00:00:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in OpenCV shipped with PowerAI
2020-01-22 18:27:12
mageia
mageia
Updated opencv packages fix security vulnerabilities
2020-01-12 02:52:04
ubuntu
ubuntu
OpenCV vulnerabilities
2022-09-28 00:00:00

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON
Related for UB:CVE-2019-14491
veracode1nessus5osv3redhatcve1openvas2fedora1debiancve1prion1cve1github1ubuntucve1suse1ibm1mageia1ubuntu1