MGASA-2020-0030

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0030.html

Import Source

https://advisories.mageia.org/MGASA-2020-0030.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0030

Related

Published

2020-01-11T23:52:04Z

Modified

2020-01-11T23:31:13Z

Summary

Updated opencv packages fix security vulnerabilities

Details

The updated packages fix security vulnerabilities:

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered <cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14491)

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator:: OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14492)

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. (CVE-2019-15939)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / opencv

Package

Name: opencv
Purl: pkg:rpm/mageia/opencv?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.5-2.1.mga7

Ecosystem specific

{
    "section": "core"
}