CVE-2019-5064

Name of the Vulnerable Software and Affected Versions OpenCV versions prior to 4.2.0

Description A heap buffer overflow issue exists in the data structure persistence functionality of OpenCV. This can be triggered by a specially crafted JSON file, causing a buffer overflow and resulting in multiple heap corruptions, potentially leading to code execution. An attacker can exploit this by providing a specially crafted file.

Recommendations For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted JSON files to minimize the risk of exploitation. Avoid using the data structure persistence functionality with untrusted input until the issue is resolved.