Security News > 2020 > January > Serious Vulnerabilities Patched in OpenCV Computer Vision Library
Two high-severity buffer overflow vulnerabilities patched in the OpenCV library could lead to arbitrary code execution.
OpenCV is an open source library that contains over 2,500 optimized computer vision and machine learning algorithms and aims to accelerate the use of machine perception in commercial products.
The release of OpenCV 4.2.0 at the end of December 2019 arrived with numerous improvements and fixes, including patches for two buffer overflow vulnerabilities that were discovered by security researchers at Cisco Talos.
Tracked as CVE-2019-5063, the first issue is a heap buffer overflow vulnerability that resides in the data structure persistence functionality of OpenCV 4.1.0, which allows developers to write and retrieve OpenCV data structures to/from a file on disk.
Both vulnerabilities were found in OpenCV version 4.1.0 and were reported to the vendor in July 2019.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-03 | CVE-2019-5063 | Out-of-bounds Write vulnerability in multiple products. An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. | 8.8 |