OpenCV up to 3.4.6/4.1.0 cascadedetect.hpp HaarEvaluator out-of-bounds

Summaryinfo

A vulnerability labeled as problematic has been found in OpenCV up to 3.4.6/4.1.0. This affects the function cv::predictOrdered<cv::HaarEvaluator of the file modules/objdetect/src/cascadedetect.hpp. Such manipulation leads to out-of-bounds. This vulnerability is listed as CVE-2019-14491. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in OpenCV up to 3.4.6/4.1.0 (Image Processing Software). Affected by this issue is the function cv::predictOrdered of the file modules/objdetect/src/cascadedetect.hpp. The manipulation with an unknown input leads to a out-of-bounds vulnerability. Using CWE to declare the problem leads to CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. Impacted is availability. CVE summarizes:


An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

The weakness was presented 08/01/2019 (Website). The advisory is shared for download at lists.fedoraproject.org. This vulnerability is handled as CVE-2019-14491 since 08/01/2019. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. There are known technical details, but no exploit is available.

Upgrading to version 3.4.7 or 4.1.1 eliminates this vulnerability.

See VDB-139270 and VDB-139269 for similar entries. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Image Processing Software

Name

• OpenCV

Version

• 3.4.0
• 3.4.1
• 3.4.2
• 3.4.3
• 3.4.4
• 3.4.5
• 3.4.6
• 4.0
• 4.1.0

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info