CVE-2019-14492

HIGH

OpenCV <3.4.7, <4.1.1 - DoS

Title source: llm
STIX 2.1

Description

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

References (4)

Core 4
Core References
Third Party Advisory x_refsource_misc
https://github.com/opencv/opencv/compare/33b765d...4a7ca5a
Third Party Advisory x_refsource_misc
https://github.com/opencv/opencv/compare/371bba8...ddbd10c
Exploit, Third Party Advisory x_refsource_misc
https://github.com/opencv/opencv/issues/15124
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html

Scores

CVSS v3 7.5
EPSS 0.0047
EPSS Percentile 64.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-125 CWE-787
Status published
Products (6)
opencv/opencv < 3.4.7
opensuse/leap 15.1
pypi/opencv-contrib-python 0 - 3.4.7.28PyPI
pypi/opencv-contrib-python-headless 0 - 3.4.7.28PyPI
pypi/opencv-python 0 - 3.4.7.28PyPI
pypi/opencv-python-headless 0 - 3.4.7.28PyPI
Published Aug 01, 2019
Tracked Since Feb 18, 2026