PT-2019-6432 · Opencv · Opencv-Python

Vasiliev-Vb · Published 2019-05-14 · Updated 2025-02-03 · CVE-2019-19624

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions

OpenCV versions prior to 4.1.1
OpenCV-Python versions prior to 4.1.0.25

Description

An out-of-bounds read issue was discovered in the calc() and ocl_calc() functions within the dis_flow.cpp component of OpenCV. The code assumes that the coarsest_scale variable is greater than or equal to finest_scale, which is not true when handling small images. As a result, the heap-allocated arrays Ux and Uy are read out of bounds. This could potentially allow a remote attacker to access confidential data and cause a denial of service.

Recommendations

For OpenCV versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue. For OpenCV-Python versions prior to 4.1.0.25, update to version 4.1.0.25 or later to resolve the issue. As a temporary workaround, consider restricting the use of the calc() and ocl_calc() functions in dis_flow.cpp when dealing with small images until a patch is available.
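The version boundaries above can be checked against dependency pins. The following is an added example, not part of the advisory or of OpenCV: it flags `name==version` pins below the fixed releases named here. The function names and the sample pins are constructed for illustration, and pre-release suffixes are ignored as a simplifying assumption.

```python
import re

# Fixed versions as stated in the advisory text above.
FIXED = {"opencv": (4, 1, 1), "opencv-python": (4, 1, 0, 25)}

def parse_version(text):
    """'4.1.0.25' -> (4, 1, 0, 25). A suffix such as '-dev' or 'rc1' ends parsing."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):  # assumption: anything after the digits is ignored
            break
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(parts)

def is_affected(package, version):
    """True when version is lower than the fixed release for that package."""
    fixed, found = FIXED[package.lower()], parse_version(version)
    width = max(len(fixed), len(found))
    pad = lambda t: t + (0,) * (width - len(t))  # compare 4.1.0 as 4.1.0.0
    return pad(found) < pad(fixed)

def scan_pins(lines):
    """Return affected (package, version) pairs from 'name==version' pins."""
    hits = []
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"([A-Za-z0-9_.-]+)\s*==\s*([^\s;]+)", line)
        if m and m.group(1).lower() in FIXED and is_affected(m.group(1), m.group(2)):
            hits.append((m.group(1).lower(), m.group(2)))
    return hits

# Constructed sample input in requirements.txt / pip-freeze style.
SAMPLE_PINS = [
    "numpy==1.16.4",
    "opencv-python==4.0.0.21  # constructed pin",
    "opencv-python==4.1.0.25",
    "OpenCV-Python == 3.4.5.20",
]

if __name__ == "__main__":
    for name, ver in scan_pins(SAMPLE_PINS):
        print(f"{name} {ver} is below the fixed version for CVE-2019-19624")
```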

Exploit

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2024-06968
CVE-2019-19624
GHSA-JGGW-2Q6G-C3M6
USN-7247-1

Affected Products

Astra Linux
Linuxmint
Opencv
Opencv-Python
Ubuntu