opencv-python@3.4.3.18 vulnerabilities

Wrapper package for OpenCV python bindings.

Direct Vulnerabilities

Known vulnerabilities in the opencv-python package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity: Critical
Heap-based Buffer Overflow

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes() function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes() function to allocate the HuffmanCode buffer with a size taken from an array of precomputed sizes, kTableSize; the color_cache_bits value selects which size to use. The kTableSize array only accounts for 8-bit first-level table lookups, not second-level table lookups, while libwebp allows codes of up to 15 bits (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may therefore write out of bounds. The OOB write to the undersized array happens in ReplicateValue.

Notes:

This is only exploitable if the color_cache_bits value defines which size to use.

This vulnerability was also published against libwebp as CVE-2023-5129.

Changelog:

2023-09-12: Initial advisory publication

2023-09-27: Advisory details updated, including CVSS, references

2023-09-27: CVE-2023-5129 rejected as a duplicate of CVE-2023-4863

2023-09-28: Research and addition of additional affected libraries

2024-01-28: Additional fix information

How to fix Heap-based Buffer Overflow?

Upgrade opencv-python to version 4.8.1.78 or higher.

Vulnerable versions: [,4.8.1.78)

Severity: High
Buffer Overflow

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Buffer Overflow via the data structure persistence functionality of OpenCV. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

How to fix Buffer Overflow?

Upgrade opencv-python to version 4.2.0.32 or higher.

Vulnerable versions: [,4.2.0.32)

Severity: Medium
Out-of-bounds Read

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Out-of-bounds Read via hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.

How to fix Out-of-bounds Read?

Upgrade opencv-python to version 4.1.2.30 or higher.

Vulnerable versions: [,4.1.2.30)

Severity: Medium
Out-of-bounds Read

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Out-of-bounds Read. The coarsest_scale variable is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.

How to fix Out-of-bounds Read?

Upgrade opencv-python to version 4.1.0.25 or higher.

Vulnerable versions: [,4.1.0.25)

Severity: Medium
Division by Zero

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Division by Zero via cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

How to fix Division by Zero?

Upgrade opencv-python to version 4.1.1.26 or higher.

Vulnerable versions: [,4.1.1.26)

Severity: High
Out-of-bounds Read

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Out-of-bounds Read via the cv::predictOrdered<cv::HaarEvaluator> function in modules/objdetect/src/cascadedetect.hpp, which leads to a Denial of Service.

How to fix Out-of-bounds Read?

Upgrade opencv-python to version 4.1.1.26, 3.4.7.28 or higher.

Vulnerable versions: [4.0.0.21,4.1.1.26) and [,3.4.7.28)

Severity: High
Out-of-Bounds

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Out-of-Bounds via the HaarEvaluator::OptFeature::calc function in modules/objdetect/src/cascadedetect.hpp, which leads to a Denial of Service.

How to fix Out-of-Bounds?

Upgrade opencv-python to version 4.1.1.26, 3.4.7.28 or higher.

Vulnerable versions: [4.0.0.21,4.1.1.26) and [,3.4.7.28)

Severity: High
Out-of-bounds Write

opencv-python is a wrapper package for OpenCV python bindings.

Affected versions of this package are vulnerable to Out-of-bounds Write. In OpenCV calls that use libpng, a missing bounds check makes an out-of-bounds write possible.

How to fix Out-of-bounds Write?

Upgrade opencv-python to version 4.1.1.26 or higher.

Vulnerable versions: [0,4.1.1.26)
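As an added example (not Snyk's or the opencv-python project's code), the following checker parses the interval notation used on this page and reports which of the advisories above apply to a given opencv-python version. The ADVISORIES table is transcribed from this page; the severity names assume Snyk's C/H/M markers stand for Critical/High/Medium.

```python
# Check an opencv-python version against the vulnerable ranges listed above.
# Snyk interval notation: "[lower,upper)" where an empty or "0" lower bound
# means every version below upper; "[" / "]" are inclusive, "(" / ")" exclusive.
from typing import List, Tuple

# Transcribed from the advisories on this page: (title, severity, ranges).
ADVISORIES: List[Tuple[str, str, List[str]]] = [
    ("Heap-based Buffer Overflow (libwebp, CVE-2023-4863)", "Critical", ["[,4.8.1.78)"]),
    ("Buffer Overflow (persistence, crafted JSON)", "High", ["[,4.2.0.32)"]),
    ("Out-of-bounds Read (dis_flow.cpp, v_load)", "Medium", ["[,4.1.2.30)"]),
    ("Out-of-bounds Read (dis_flow.cpp, coarsest_scale)", "Medium", ["[,4.1.0.25)"]),
    ("Division by Zero (hog.cpp)", "Medium", ["[,4.1.1.26)"]),
    ("Out-of-bounds Read (predictOrdered)", "High", ["[4.0.0.21,4.1.1.26)", "[,3.4.7.28)"]),
    ("Out-of-Bounds (OptFeature::calc)", "High", ["[4.0.0.21,4.1.1.26)", "[,3.4.7.28)"]),
    ("Out-of-bounds Write (libpng)", "High", ["[0,4.1.1.26)"]),
]

def parse_version(v: str) -> Tuple[int, ...]:
    """opencv-python uses purely numeric dotted versions, e.g. 3.4.3.18."""
    return tuple(int(p) for p in v.strip().split("."))

def in_range(version: str, rng: str) -> bool:
    """True if `version` lies inside a Snyk interval such as "[4.0.0.21,4.1.1.26)"."""
    if not (rng[0] in "[(" and rng[-1] in "])"):
        raise ValueError(f"bad range: {rng}")
    lo_s, hi_s = rng[1:-1].split(",")
    v = parse_version(version)
    if lo_s:  # empty lower bound: unbounded below
        lo = parse_version(lo_s)
        if v < lo or (v == lo and rng[0] == "("):
            return False
    if hi_s:  # empty upper bound: unbounded above
        hi = parse_version(hi_s)
        if v > hi or (v == hi and rng[-1] == ")"):
            return False
    return True

def affecting(version: str) -> List[Tuple[str, str]]:
    """Return (title, severity) for every advisory whose ranges include `version`."""
    return [(t, s) for t, s, rs in ADVISORIES if any(in_range(version, r) for r in rs)]

if __name__ == "__main__":
    # The version this page is about: every advisory listed applies to it.
    for title, sev in affecting("3.4.3.18"):
        print(f"{sev:8} {title}")
```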