CVE-2019-14492

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

Published: Aug 1, 2019
Updated: May 9, 2024
CVE: CVE-2019-14492
GHSA: GHSA-fw99-f933-rgh8
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-787
CWE-125

Affected Software
References

Software	From	Fixed in
opencv / opencv	4.0.0	4.1.1
opencv / opencv	-	3.4.7
opensuse / leap	15.1	15.1.x
opencv-python	-	3.4.7.28
opencv-python	4.0.0.21	4.1.1.26
opencv-python-headless	-	3.4.7.28
opencv-python-headless	4.0.0.21	4.1.1.26
opencv-contrib-python	-	3.4.7.28
opencv-contrib-python	4.0.0.21	4.1.1.26
opencv-contrib-python-headless	-	3.4.7.28
opencv-contrib-python-headless	4.0.0.21	4.1.1.26

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html
https://github.com/opencv/opencv/compare/33b765d...4a7ca5a
https://github.com/opencv/opencv/compare/371bba8...ddbd10c
https://github.com/opencv/opencv/issues/15124

Vulnerability Database

289,697

CVE-2019-14492