Описание
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrderedcv::HaarEvaluator in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
Отчет
It's possible to cause opencv to attempt to read from incorrect or invalid memory when loading specially crafted classifiers (trained data used for object detection), possibly leading to a crash. Although it's technically possible that classifiers are used from untrusted sources, it's probably an unlikely case in practice.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | opencv | Not affected | ||
| Red Hat Enterprise Linux 7 | opencv | Will not fix | ||
| Red Hat Enterprise Linux 8 | opencv | Will not fix |
Показывать по
Дополнительная информация
Статус:
6.2 Medium
CVSS3
Связанные уязвимости
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...
Уязвимость функции predictOrdered() компонента objdetect/src/cascadedetect.hpp библиотеки алгоритмов компьютерного зрения OpenCV, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
6.2 Medium
CVSS3