7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
71.1%
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There
is an out of bounds read/write in the function
HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp,
which leads to denial of service.
Author | Note |
---|---|
ccdm94 | the commit that fixes this issue is the same as the one for CVE-2019-14491. See: https://github.com/opencv/opencv/pull/15150. In xenial and earlier, it is necessary to backport the fix for this CVE. However, changes in the code that have occurred since the release of versions available in xenial and earlier cause this backport to be quite intrusive. To backport and properly apply the patch, it would be necessary to alter library functions that are exported, meaning that it would be necessary to alter their interfaces, which could end up causing regressions in software that uses the opencv library to operate. It also seems like a backported version of the patch does not completely fix the vulnerability, with the POC file causing a similar crash, even after the fix is applied. |
github.com/opencv/opencv/compare/33b765d...4a7ca5a
github.com/opencv/opencv/compare/371bba8...ddbd10c
github.com/opencv/opencv/issues/15124
launchpad.net/bugs/cve/CVE-2019-14492
nvd.nist.gov/vuln/detail/CVE-2019-14492
security-tracker.debian.org/tracker/CVE-2019-14492
ubuntu.com/security/notices/USN-4818-1
www.cve.org/CVERecord?id=CVE-2019-14492
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
71.1%