Description
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
A NULL pointer dereference flaw was found in OpenCV in the way the Cascade Classifier algorithm loaded and processed certain classifiers. A remote attacker could exploit this flaw by providing a specially crafted XML file that, when loaded by an application linked to OpenCV, would crash the application causing a denial of service.
Statement
This flaw did not affect the versions of OpenCV as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code, which was introduced in a newer version of the library.
Mitigation
Avoid loading cascade classifiers from external untrusted sources.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | opencv | Not affected | | |
| Red Hat Enterprise Linux 7 | opencv | Not affected | | |
| Red Hat Enterprise Linux 8 | opencv | Not affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
A vulnerability in the function cv::XMLParser::parse of the component modules/core/src/persistence.cpp of the Open Source Computer Vision Library (OpenCV), a library of computer vision, image processing and general-purpose numerical algorithms, related to pointer dereference errors, which allows an attacker to cause a denial of service
7.5 High
CVSS3