CVE-2019-14491

Published: 01 August 2019

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out-of-bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

From the Ubuntu security team

It was discovered that OpenCV incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 8.2

Status

Package: opencv (Launchpad, Ubuntu, Debian)

Release status:
Upstream: Needs triage
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (4.1.2+dfsg-4ubuntu3)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (4.1.2+dfsg-4ubuntu3)
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 LTS (Xenial Xerus): Needed
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://github.com/opencv/opencv/commit/321c74ccd6077bdea1d47450ca4fe955cb5b6330