SB2025020462 - Ubuntu update for opencv
Published: February 4, 2025

Security Bulletin ID: SB2025020462
Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 100% (Low, High and Critical: none)

Description

This security bulletin contains information about 5 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2019-14493)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. A remote attacker can perform a denial of service (DoS) attack.


2) Out-of-bounds read (CVE-ID: CVE-2019-16249)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.


3) Out-of-bounds read (CVE-ID: CVE-2019-19624)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, the variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this does not hold for small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.


4) NULL pointer dereference (CVE-ID: CVE-2023-2617)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the DecodedBitStreamParser::decodeByteSegment() function in qrcode/decoder/decoded_bit_stream_parser.cpp. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


5) Improper input validation (CVE-ID: CVE-2023-2618)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Load Testing for Web Apps (OpenCV) component in Oracle Application Testing Suite. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.