Описание
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
A divide by zero vulnerability was found in OpenCV in the way HOGDescriptor objects are created by loading their properties from a local file. Local files with no "cellSize" property may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted file that, when loaded by a victim, would cause a floating-point exception leading to a denial of service.
Меры по смягчению последствий
Avoid using the Histogram of Oriented Gradients (HOG) Descriptor algorithm to detect objects in digital images. Alternatively, ensure HOGDescriptor objects are not created from external untrusted files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | opencv | Out of support scope | ||
| Red Hat Enterprise Linux 7 | opencv | Will not fix | ||
| Red Hat Enterprise Linux 8 | opencv | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...
Уязвимость функции cv::HOGDescriptor::getDescriptorSize библиотеки алгоритмов компьютерного зрения, обработки изображений и численных алгоритмов общего назначения Open Source Computer Vision Library (OpenCV), позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.9 Medium
CVSS3