Bug 711284 (CVE-2019-14491, CVE-2019-14492, CVE-2019-14493, CVE-2019-15939, CVE-2019-16249) - <media-libs/opencv-4.1.2: Multiple vulnerabilities (CVE-2019-{14491,14492,14493,15939,16249})
Status: IN_PROGRESS
Alias: CVE-2019-14491, CVE-2019-14492, CVE-2019-14493, CVE-2019-15939, CVE-2019-16249
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable? cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-02 02:33 UTC by Sam James (sec padawan)
Modified: 2020-04-26 01:44 UTC (History)

See Also:
Package list:
media-libs/opencv-4.1.2-r3
Runtime testing required: ---


Description Sam James (sec padawan) 2020-03-02 02:33:59 UTC
1) CVE-2019-14491

Description:
"An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service."

URL: https://github.com/opencv/opencv/issues/15125

2) CVE-2019-14492

Description:
"An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service."

URL: https://github.com/opencv/opencv/issues/15124

3) CVE-2019-14493

Description:
"An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp."

URL: https://github.com/opencv/opencv/issues/15127
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2020-04-22 21:55:13 UTC
CVE-2019-16249 (https://nvd.nist.gov/vuln/detail/CVE-2019-16249):
  OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in
  core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in
  modules/video/src/dis_flow.cpp.

CVE-2019-15939 (https://nvd.nist.gov/vuln/detail/CVE-2019-15939):
  An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in
  cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

CVE-2019-14493 (https://nvd.nist.gov/vuln/detail/CVE-2019-14493):
  An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer
  dereference in the function cv::XMLParser::parse at
  modules/core/src/persistence.cpp.

CVE-2019-14492 (https://nvd.nist.gov/vuln/detail/CVE-2019-14492):
  An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There
  is an out of bounds read/write in the function
  HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp,
  which leads to denial of service.

CVE-2019-14491 (https://nvd.nist.gov/vuln/detail/CVE-2019-14491):
  An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There
  is an out of bounds read in the function
  cv::predictOrdered<cv::HaarEvaluator> in
  modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
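An added version check (not part of this bug, the GLSAMaker output or OpenCV itself) that maps an installed OpenCV version onto the per-CVE affected ranges quoted in comment 1, plus the Gentoo-level rule from the bug summary (anything below media-libs/opencv-4.1.2 is affected). The range boundaries are my reading of the NVD text: CVE-2019-15939 and CVE-2019-16249 are only stated for 4.1.0 and 4.1.1 respectively, and CVE-2019-14493 gives no 3.x fixed version, so the check treats every release before 4.1.1 as affected by it. The sample version strings at the bottom are constructed.

```python
"""Map an OpenCV version string onto the CVEs listed in this bug.

Added example, not code from the Gentoo bug or from OpenCV.  Affected
ranges are taken from the NVD descriptions quoted in comment 1 and from
the bug summary ("<media-libs/opencv-4.1.2"); the interpretation of those
descriptions as version comparisons is an assumption made here.
"""
import re
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn '4.1.2', '4.1.2-r3' or 'opencv-4.1.2-r3' into a comparable tuple.

    A Gentoo revision suffix (-rN) is dropped: it marks an ebuild revision,
    not an upstream release, so it does not change which upstream source is
    built.  Short versions are padded so '4.1' compares as (4, 1, 0).
    """
    m = re.search(r"(\d+(?:\.\d+)*)(?:-r\d+)?$", s)
    if not m:
        raise ValueError(f"not an OpenCV version: {s!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def affected_cves(version: str) -> List[str]:
    """Return the CVE identifiers from this bug whose NVD range covers `version`."""
    v = parse_version(version)
    hits: List[str] = []
    # CVE-2019-14491 / CVE-2019-14492: "before 3.4.7 and 4.x before 4.1.1"
    if v < (3, 4, 7) or (4, 0, 0) <= v < (4, 1, 1):
        hits += ["CVE-2019-14491", "CVE-2019-14492"]
    # CVE-2019-14493: "before 4.1.1" (no separate 3.x fixed version is given,
    # so all 3.x releases are treated as affected -- the conservative reading)
    if v < (4, 1, 1):
        hits.append("CVE-2019-14493")
    # CVE-2019-15939: the NVD text names only 4.1.0
    if v[:3] == (4, 1, 0):
        hits.append("CVE-2019-15939")
    # CVE-2019-16249: the NVD text names only 4.1.1
    if v[:3] == (4, 1, 1):
        hits.append("CVE-2019-16249")
    return hits


def gentoo_vulnerable(installed: str) -> bool:
    """True when the installed media-libs/opencv is below 4.1.2, per the bug summary."""
    return parse_version(installed) < (4, 1, 2)


if __name__ == "__main__":
    # Constructed sample inputs, e.g. what `equery list media-libs/opencv`
    # might report on different Gentoo systems.
    for sample in ["opencv-3.4.6", "opencv-4.1.0", "opencv-4.1.1", "opencv-4.1.2-r3"]:
        cves = affected_cves(sample) or ["none of the five"]
        flag = "UPDATE" if gentoo_vulnerable(sample) else "ok"
        print(f"{sample:18s} {flag:6s} {', '.join(cves)}")
```

On a Gentoo host the installed version comes from `equery list media-libs/opencv` or `qlist -Iv media-libs/opencv`; the package list on this bug (opencv-4.1.2-r3) passes both checks, which is why the bug is waiting on stabilisation rather than on a fix.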
Comment 2 Sam James (sec padawan) 2020-04-22 21:56:08 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself.