PT-2019-5800 · Intel · Opencv

Published

2019-11-06

Updated

2022-06-17

CVE-2019-5064

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenCV versions prior to 4.2.0

Description A heap buffer overflow issue exists in the data structure persistence functionality of OpenCV. This can be triggered by a specially crafted JSON file, causing a buffer overflow and resulting in multiple heap corruptions, potentially leading to code execution. An attacker can exploit this by providing a specially crafted file.

Recommendations For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted JSON files to minimize the risk of exploitation. Avoid using the data structure persistence functionality with untrusted input until the issue is resolved.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-787

Related Identifiers

BDU:2021-02785

CVE-2019-5064

GHSA-Q799-Q27X-VP7W

Affected Products

Opencv

PT-2019-5800 · Intel · Opencv

CVE-2019-5064

Weakness Enumeration

Related Identifiers

Affected Products

References · 18