Butterfly

**Name of the Vulnerable Software and Affected Versions** OpenCV version 4.1.0 **Description** The issue is related to a divide-by-zero error in the `cv::HOGDescriptor::getDescriptorSize` function. This error can be exploited by a remote attacker to cause a denial of service. The error is located in the `modules/objdetect/src/hog.cpp` file. **Recommendations** For OpenCV version 4.1.0, consider disabling the `cv::HOGDescriptor::getDescriptorSize` function until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenCV versions prior to 3.4.7 OpenCV versions 4.x prior to 4.1.1 **Description** The issue is related to an out of bounds read/write in the `HaarEvaluator::OptFeature::calc` function in the `modules/objdetect/src/cascadedetect.hpp` component of the OpenCV library. This can lead to a denial of service. The vulnerability can be exploited by a remote attacker. **Recommendations** For OpenCV versions prior to 3.4.7, update to version 3.4.7 or later. For OpenCV versions 4.x prior to 4.1.1, update to version 4.1.1 or later. As a temporary workaround, consider disabling the `HaarEvaluator::OptFeature::calc` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenCV versions prior to 3.4.7 OpenCV versions 4.x prior to 4.1.1 **Description** The issue is related to an out of bounds read in the `cv::predictOrdered<cv::HaarEvaluator>` function in `modules/objdetect/src/cascadedetect.hpp`. This can lead to denial of service and potentially allow a remote attacker to access confidential data. **Recommendations** For OpenCV versions prior to 3.4.7, update to version 3.4.7 or later. For OpenCV versions 4.x prior to 4.1.1, update to version 4.1.1 or later. As a temporary workaround, consider disabling the `cv::predictOrdered<cv::HaarEvaluator>` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions 0.7 through 0.7.1645 **Description** An issue was discovered in GNU LibreDWG. There is a NULL pointer dereference in the function (bit convert TU) at bits.c. **Recommendations** For GNU LibreDWG versions 0.7 through 0.7.1645, as a temporary workaround, consider disabling the function (bit convert TU) until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions 0.7 through 0.7.1645 **Description** An issue was discovered in GNU LibreDWG. There is a NULL pointer dereference in the function `dwg dxf LTYPE` at `dwg.spec`. **Recommendations** For GNU LibreDWG versions 0.7 through 0.7.1645, as a temporary workaround, consider disabling the `dwg dxf LTYPE` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions 0.7 through 0.7.1645 **Description** An issue was discovered in GNU LibreDWG. There is a NULL pointer dereference in the function `dwg dxf LEADER` at `dwg.spec`. **Recommendations** For GNU LibreDWG versions 0.7 through 0.7.1645, consider disabling the `dwg dxf LEADER` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions 0.7 through 0.7.1645 **Description** An issue was discovered in the function `dwg dxf LTYPE` at `dwg.spec`, which results in a NULL pointer dereference. **Recommendations** For GNU LibreDWG versions 0.7 through 0.7.1645, consider disabling the `dwg dxf LTYPE` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.