Description
OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
opencv | fixed | 3.2.0+dfsg-1 | | package |
Notes
https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
https://github.com/opencv/opencv/issues/27271
Fixed by: https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466 (4.12.0)
Since opencv/3.1.0+dfsg1-1~exp1 the embedded openjpeg2 copy is excluded
completely via Files-Excluded.