Description
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
An out-of-bounds read vulnerability was discovered in OpenCV. This flaw can be triggered when a small, carefully crafted image is loaded by an application linked against OpenCV. A remote attacker could use it to cause a denial of service (application crash) or to read sensitive information from memory.
Report
This issue did not affect the versions of OpenCV shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for the DIS optical flow algorithm. This issue affects OpenCV as shipped with Red Hat Enterprise Linux 8. However, the package has been built with C++ standard library hardening (_GLIBCXX_ASSERTIONS), which enables range checks for C++ arrays, vectors, and strings. An out-of-bounds index therefore terminates the application through an assertion failure, which prevents the out-of-bounds read from being exploitable.
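The following is an added example, not OpenCV's code or Red Hat's: it models the per-scale buffer layout the description refers to (one entry per pyramid level, indexed 0..coarsest_scale, which is an assumption about the layout) and shows what the `_GLIBCXX_ASSERTIONS` hardening changes. Built from libstdc++ with the macro defined, the unchecked `operator[]` read past the end of the vector aborts with an assertion message instead of returning heap contents; the checked variant refuses the lookup outright. The names `ScaleBuffers`, `scales_consistent`, `read_finest_unchecked` and `read_finest_checked` are illustrative, and the scale values in `main` are constructed to reproduce the small-image condition (finest_scale greater than coarsest_scale).

```cpp
// Added example: models the Ux/Uy per-scale buffers and the hardening effect
// of _GLIBCXX_ASSERTIONS. Not OpenCV's code; layout is an assumption.
// The macro must be defined before any libstdc++ header is included; it turns
// std::vector::operator[] into a range-checked access that calls abort().
#define _GLIBCXX_ASSERTIONS 1
#include <cstddef>
#include <cstdio>
#include <vector>

// One flow buffer per pyramid level, valid indices 0..coarsest_scale
// (assumed layout; the real DIS implementation stores cv::Mat per level).
struct ScaleBuffers {
    std::vector<float> Ux;
    std::vector<float> Uy;
    explicit ScaleBuffers(int coarsest_scale)
        : Ux(static_cast<std::size_t>(coarsest_scale) + 1, 0.0f),
          Uy(static_cast<std::size_t>(coarsest_scale) + 1, 0.0f) {}
};

// The invariant the vulnerable code assumed without checking: the finest
// level must not lie beyond the coarsest one.
bool scales_consistent(int coarsest_scale, int finest_scale) {
    return coarsest_scale >= 0 && finest_scale >= 0 &&
           coarsest_scale >= finest_scale;
}

// Unchecked read in the style of the unpatched code. When finest_scale >
// coarsest_scale this indexes past Ux.size(): without _GLIBCXX_ASSERTIONS it
// reads heap memory after the allocation; with it, libstdc++ aborts here.
float read_finest_unchecked(const ScaleBuffers& b, int finest_scale) {
    return b.Ux[static_cast<std::size_t>(finest_scale)];
}

// Defensive variant: validate the index against the actual buffer size and
// report failure instead of touching memory. Returns false on a bad index.
bool read_finest_checked(const ScaleBuffers& b, int finest_scale, float* out) {
    if (finest_scale < 0 ||
        static_cast<std::size_t>(finest_scale) >= b.Ux.size()) {
        return false;
    }
    *out = b.Ux[static_cast<std::size_t>(finest_scale)];
    return true;
}

int main(int argc, char**) {
    // Constructed scenario: a large image yields coarsest_scale=3, a small
    // one only coarsest_scale=1, while the caller still asks for finest_scale=2.
    const int finest_scale = 2;
    ScaleBuffers large(3);
    ScaleBuffers small(1);
    float v = 0.0f;

    std::printf("large image: invariant %s, checked read %s\n",
                scales_consistent(3, finest_scale) ? "holds" : "violated",
                read_finest_checked(large, finest_scale, &v) ? "ok" : "refused");
    std::printf("small image: invariant %s, checked read %s\n",
                scales_consistent(1, finest_scale) ? "holds" : "violated",
                read_finest_checked(small, finest_scale, &v) ? "ok" : "refused");

    // Pass any argument to exercise the unchecked path on the small image:
    // with _GLIBCXX_ASSERTIONS the process aborts ("__n < this->size()")
    // rather than returning out-of-bounds heap data.
    if (argc > 1) {
        std::printf("unchecked read: %f\n", read_finest_unchecked(small, finest_scale));
    }
    return 0;
}
```

Build with `g++ -std=c++11 example.cpp -o example` and run `./example` for the checked path, or `./example abort` to see the assertion-driven termination that the Red Hat statement relies on; passing `-D_GLIBCXX_ASSERTIONS` on the command line is equivalent to the in-source define.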
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | opencv | Not affected | | |
| Red Hat Enterprise Linux 7 | opencv | Not affected | | |
| Red Hat Enterprise Linux 8 | opencv | Fix deferred | | |
Additional information
Status:
CVSS3: 5.3 Medium
Related vulnerabilities
A vulnerability in the coarsest_scale variable of the calc() and ocl_calc() functions in the dis_flow.cpp component of the Open Source Computer Vision Library (OpenCV), a library of computer vision, image processing and general-purpose numerical algorithms, involving a read beyond the bounds of a data buffer, which allows an attacker to gain access to confidential data and to cause a denial of service.
CVSS3: 5.3 Medium