GHSA-8849-5h85-98qw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8849-5h85-98qw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-8849-5h85-98qw/GHSA-8849-5h85-98qw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8849-5h85-98qw
- Aliases
-
- CVE-2019-9423
- Published
- 2021-10-12T22:22:17Z
- Modified
- 2023-11-08T04:01:46.918531Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Out-of-bounds Write in OpenCV
- Details
-
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616
- Database specific
{ "cwe_ids": [ "CWE-787" ], "github_reviewed": true, "github_reviewed_at": "2021-10-06T19:53:25Z", "nvd_published_at": "2019-09-27T19:15:00Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-9423
- https://github.com/opencv/opencv-python
- https://source.android.com/security/bulletin/android-10
- http://www.openwall.com/lists/oss-security/2019/10/25/17
- http://www.openwall.com/lists/oss-security/2019/10/27/1
- http://www.openwall.com/lists/oss-security/2019/11/07/1
- http://www.openwall.com/lists/oss-security/2020/12/05/1
Affected packages
PyPI / opencv-python
Package
- Name
- opencv-python
- View open source insights on deps.dev
- Purl
- pkg:pypi/opencv-python
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.1.1.26
Affected versions
3.*
3.1.0
3.1.0.0
3.1.0.1
3.1.0.2
3.1.0.3
3.1.0.4
3.1.0.5
3.2.0.6
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10
3.3.1.11
3.4.0.12
3.4.0.14
3.4.1.15
3.4.2.16
3.4.2.17
3.4.3.18
3.4.4.19
3.4.5.20
3.4.6.27
3.4.7.28
3.4.8.29
3.4.9.31
3.4.9.33
3.4.10.35
3.4.10.37
3.4.11.39
3.4.11.41
3.4.11.43
3.4.11.45
3.4.13.47
3.4.14.51
3.4.14.53
3.4.15.55
3.4.16.57
3.4.16.59
3.4.17.61
3.4.17.63
3.4.18.65
4.*
4.0.0.21
4.0.1.23
4.0.1.24
4.1.0.25
4.1.1.26
PyPI / opencv-python-headless
Package
- Name
- opencv-python-headless
- View open source insights on deps.dev
- Purl
- pkg:pypi/opencv-python-headless
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.1.1.26
Affected versions
3.*
3.4.2.16
3.4.2.17
3.4.3.18
3.4.4.19
3.4.5.20
3.4.6.27
3.4.7.28
3.4.8.29
3.4.9.31
3.4.9.33
3.4.10.35
3.4.10.37
3.4.11.39
3.4.11.41
3.4.11.43
3.4.11.45
3.4.13.47
3.4.14.51
3.4.14.53
3.4.15.55
3.4.16.57
3.4.16.59
3.4.17.61
3.4.17.63
3.4.18.65
4.*
4.0.0.21
4.0.1.23
4.0.1.24
4.1.0.25
4.1.1.26
PyPI / opencv-contrib-python
Package
- Name
- opencv-contrib-python
- View open source insights on deps.dev
- Purl
- pkg:pypi/opencv-contrib-python
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.1.1.26
Affected versions
3.*
3.1.0.0
3.2.0.7
3.2.0.8
3.3.0.9
3.3.0.10
3.3.1.11
3.4.0.12
3.4.0.14
3.4.1.15
3.4.2.16
3.4.2.17
3.4.3.18
3.4.4.19
3.4.5.20
3.4.6.27
3.4.7.28
3.4.8.29
3.4.9.31
3.4.9.33
3.4.10.35
3.4.10.37
3.4.11.39
3.4.11.41
3.4.11.43
3.4.11.45
3.4.13.47
3.4.14.51
3.4.14.53
3.4.15.55
3.4.16.57
3.4.16.59
3.4.17.61
3.4.17.63
3.4.18.65
4.*
4.0.0.21
4.0.1.23
4.0.1.24
4.1.0.25
4.1.1.26
PyPI / opencv-contrib-python-headless
Package
- Name
- opencv-contrib-python-headless
- View open source insights on deps.dev
- Purl
- pkg:pypi/opencv-contrib-python-headless
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.1.1.26
Affected versions
3.*
3.4.0.14
3.4.1.15
3.4.2.16
3.4.2.17
3.4.3.18
3.4.4.19
3.4.5.20
3.4.6.27
3.4.7.28
3.4.8.29
3.4.9.31
3.4.9.33
3.4.10.35
3.4.10.37
3.4.11.39
3.4.11.41
3.4.11.43
3.4.11.45
3.4.13.47
3.4.14.51
3.4.14.53
3.4.15.55
3.4.16.57
3.4.16.59
3.4.17.61
3.4.17.63
3.4.18.65
4.*
4.0.0.21
4.0.1.23
4.0.1.24
4.1.0.25
4.1.1.26