MGASA-2020-0030

Source
https://advisories.mageia.org/MGASA-2020-0030.html
Import Source
https://advisories.mageia.org/MGASA-2020-0030.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2020-0030
Published
2020-01-11T23:52:04Z
Modified
2020-01-11T23:31:13Z
Summary
Updated opencv packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14491)

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14492)

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. (CVE-2019-15939)


Affected packages

Mageia:7 / opencv

Package

Name
opencv
Purl
pkg:rpm/mageia/opencv?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.5-2.1.mga7

Ecosystem specific

{
    "section": "core"
}