CVE-2025-53644
Severity: CRITICAL
OpenCV 4.10.0-4.11.0 - Arbitrary Heap Buffer Write via Crafted JPEG Image
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
References (4)
Core References
Exploit, Third Party Advisory (x_refsource_confirm): https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
Issue Tracking (x_refsource_misc): https://github.com/opencv/opencv/issues/27271
Patch (x_refsource_misc): https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466
Release Notes (x_refsource_misc): https://github.com/opencv/opencv/releases/tag/4.12.0
Scores
CVSS v3: 9.8
EPSS: 0.0036
EPSS Percentile: 27.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-457 (Use of Uninitialized Variable)
Status: published
Products (1)
opencv/opencv: 4.10.0 - 4.12.0
Published: Jul 17, 2025
Tracked Since: Feb 18, 2026