Serious Vulnerabilities Patched in OpenCV Computer Vision Library
2020-01-03 16:43

Two high-severity buffer overflow vulnerabilities patched in the OpenCV library could lead to arbitrary code execution.

OpenCV is an open source library that contains over 2,500 optimized computer vision and machine learning algorithms and aims to accelerate the use of machine perception in commercial products.

The release of OpenCV 4.2.0 at the end of December 2019 arrived with numerous improvements and fixes, including patches for two buffer overflow vulnerabilities that were discovered by security researchers at Cisco Talos.

Tracked as CVE-2019-5063, the first issue is a heap buffer overflow vulnerability that resides in the data structure persistence functionality of OpenCV 4.1.0, which allows developers to write and retrieve OpenCV data structures to/from a file on disk.

Both vulnerabilities were found in OpenCV version 4.1.0 and were reported to the vendor in July 2019.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/VA708E_stkk/serious-vulnerabilities-patched-opencv-computer-vision-library

Related Vulnerability

Date: 2020-01-03
CVE: CVE-2019-5063
Vulnerability title: Out-of-bounds Write vulnerability in multiple products
Description: An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0.
Attack vector: network
Attack complexity: low
Vendors: opencv, oracle
Weakness: CWE-787
Risk: 8.8

Related vendor

Vendor: Opencv
Products: 1
Low: 0
Medium: 8
High: 26
Critical: 0
Total vulns: 34