Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1xNzk5LXEyN3gtdnA3d80WOg

Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0 (corresponds with OpenCV-Python version 4.1.2.30). A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

Permalink: https://github.com/advisories/GHSA-q799-q27x-vp7w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNzk5LXEyN3gtdnA3d80WOg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: over 1 year ago

CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00487
EPSS Percentile: 0.75768

Identifiers: GHSA-q799-q27x-vp7w, CVE-2019-5064
References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-5064
• https://github.com/opencv/opencv/issues/15857
• https://github.com/opencv/opencv-python/releases/tag/32
• https://github.com/opencv/opencv/releases/tag/4.2.0
• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://github.com/advisories/GHSA-q799-q27x-vp7w

Repository: https://github.com/opencv/opencv
Blast Radius: 42.5

Affected Packages