PT-2019-6436 · Intel+3 · Opencv+3

Butterfly

Published

2019-07-23

Updated

2024-06-15

CVE-2019-14491

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenCV versions prior to 3.4.7 OpenCV versions 4.x prior to 4.1.1

Description The issue is related to an out of bounds read in the cv::predictOrdered<cv::HaarEvaluator> function in modules/objdetect/src/cascadedetect.hpp. This can lead to denial of service and potentially allow a remote attacker to access confidential data.

Recommendations For OpenCV versions prior to 3.4.7, update to version 3.4.7 or later. For OpenCV versions 4.x prior to 4.1.1, update to version 4.1.1 or later. As a temporary workaround, consider disabling the cv::predictOrdered<cv::HaarEvaluator> function until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2024-06972

CVE-2019-14491

GHSA-FM39-CW8H-3P63

MGASA-2020-0030

OPENSUSE-SU-2019:2671-1

OPENSUSE-SU-2019_2671-1

OPENSUSE-SU-2024:11115-1

OPENSUSE-SU-2024:11116-1

SUSE-SU-2019:3192-1

SUSE-SU-2019:3192-2

SUSE-SU-2019_3192-1

SUSE-SU-2019_3192-2

USN-4818-1

Affected Products

Astra Linux

Opencv

Suse

Ubuntu

PT-2019-6436 · Intel+3 · Opencv+3

CVE-2019-14491

Weakness Enumeration

Related Identifiers

Affected Products

References · 45