SB2019080111 - Multiple vulnerabilities in Itseez OpenCV
Published: August 1, 2019 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-19624)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
2) Out-of-bounds read (CVE-ID: CVE-2019-14491)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
3) Out-of-bounds read (CVE-ID: CVE-2019-14492)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
4) NULL pointer dereference (CVE-ID: CVE-2019-14493)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in function cv::XMLParser::parse at modules/core/src/persistence.cpp. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://access.redhat.com/security/cve/cve-2019-19624
- https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418
- https://github.com/opencv/opencv/issues/14554
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html
- https://github.com/opencv/opencv/compare/33b765d...4a7ca5a
- https://github.com/opencv/opencv/compare/371bba8...ddbd10c
- https://github.com/opencv/opencv/issues/15125
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ/
- https://github.com/opencv/opencv/issues/15124
- https://github.com/opencv/opencv/issues/15127