PyPI package
opencv-python-headless
pkg:pypi/opencv-python-headless
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5064 | — | < 4.2.0.32 | 4.2.0.32 | Jan 3, 2020 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker | ||
| CVE-2019-5063 | — | <= 4.1.0.25 | — | Jan 3, 2020 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a speci | ||
| CVE-2019-19624 | — | < 4.1.0.25 | 4.1.0.25 | Dec 6, 2019 | An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to a | ||
| CVE-2019-9423 | — | <= 4.1.1.26 | — | Sep 27, 2019 | In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: | ||
| CVE-2019-16249 | — | < 4.1.2.30 | 4.1.2.30 | Sep 11, 2019 | OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. | ||
| CVE-2019-15939 | — | < 4.1.1.26 | 4.1.1.26 | Sep 5, 2019 | An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. | ||
| CVE-2019-14493 | — | < 4.1.1.26 | 4.1.1.26 | Aug 1, 2019 | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. | ||
| CVE-2019-14492 | — | < 3.4.7.28 | 3.4.7.28 | Aug 1, 2019 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | ||
| CVE-2019-14491 | — | < 3.4.7.28 | 3.4.7.28 | Aug 1, 2019 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. |
- CVE-2019-5064Jan 3, 2020affected < 4.2.0.32fixed 4.2.0.32
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker
- CVE-2019-5063Jan 3, 2020affected <= 4.1.0.25
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a speci
- CVE-2019-19624Dec 6, 2019affected < 4.1.0.25fixed 4.1.0.25
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to a
- CVE-2019-9423Sep 27, 2019affected <= 4.1.1.26
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions:
- CVE-2019-16249Sep 11, 2019affected < 4.1.2.30fixed 4.1.2.30
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
- CVE-2019-15939Sep 5, 2019affected < 4.1.1.26fixed 4.1.1.26
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
- CVE-2019-14493Aug 1, 2019affected < 4.1.1.26fixed 4.1.1.26
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
- CVE-2019-14492Aug 1, 2019affected < 3.4.7.28fixed 3.4.7.28
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
- CVE-2019-14491Aug 1, 2019affected < 3.4.7.28fixed 3.4.7.28
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.