UBUNTU-CVE-2025-53644

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-53644

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-53644.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-53644

Upstream

CVE-2025-53644

Published

2025-07-18T00:00:00Z

Modified

2025-07-18T19:03:59.718138Z

Severity

7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / opencv

Package

Name: opencv
Purl: pkg:deb/ubuntu/opencv@2.4.8+dfsg1-2ubuntu1.2+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.5+dfsg-0ubuntu4

2.4.5+dfsg-0ubuntu5

2.4.6.1+dfsg-2ubuntu2

2.4.6.1+dfsg-2ubuntu3

2.4.6.1+dfsg-2ubuntu4

2.4.6.1+dfsg-2ubuntu5

2.4.8+dfsg-1ubuntu1

2.4.8+dfsg1-2ubuntu1

2.4.8+dfsg1-2ubuntu1.2

2.4.8+dfsg1-2ubuntu1.2+esm1

Ubuntu:Pro:16.04:LTS / opencv

Package

Name: opencv
Purl: pkg:deb/ubuntu/opencv@2.4.9.1+dfsg-1.5ubuntu1.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.9+dfsg-1ubuntu6

2.4.9.1+dfsg-1.2ubuntu1

2.4.9.1+dfsg-1.3ubuntu1

2.4.9.1+dfsg-1.5ubuntu1

2.4.9.1+dfsg-1.5ubuntu1.1

2.4.9.1+dfsg-1.5ubuntu1.1+esm1

Ubuntu:Pro:18.04:LTS / opencv

Package

Name: opencv
Purl: pkg:deb/ubuntu/opencv@3.2.0+dfsg-4ubuntu0.1+esm4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.0+dfsg1-1~exp1ubuntu3

3.2.0+dfsg-3

3.2.0+dfsg-4

3.2.0+dfsg-4build1

3.2.0+dfsg-4build2

3.2.0+dfsg-4ubuntu0.1

3.2.0+dfsg-4ubuntu0.1+esm2

3.2.0+dfsg-4ubuntu0.1+esm3

3.2.0+dfsg-4ubuntu0.1+esm4

Ubuntu:Pro:20.04:LTS / opencv

Package

Name: opencv
Purl: pkg:deb/ubuntu/opencv@4.2.0+dfsg-5?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.0+dfsg-6

3.2.0+dfsg-6build1

3.2.0+dfsg-6build2

4.*

4.1.2+dfsg-4ubuntu3

4.1.2+dfsg-5

4.2.0+dfsg-4

4.2.0+dfsg-5

Ubuntu:22.04:LTS / opencv

Package

Name: opencv
Purl: pkg:deb/ubuntu/opencv@4.5.4+dfsg-9ubuntu4?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.3+dfsg-1ubuntu1

4.5.4+dfsg-9ubuntu2

4.5.4+dfsg-9ubuntu4

Ubuntu:24.04:LTS / opencv

Package

Name: opencv
Purl: pkg:deb/ubuntu/opencv@4.6.0+dfsg-13.1ubuntu1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.6.0+dfsg-13build1

4.6.0+dfsg-13build3

4.6.0+dfsg-13build5

4.6.0+dfsg-13.1build2

4.6.0+dfsg-13.1ubuntu1

Ubuntu:25.04 / opencv

Package

Name: opencv
Purl: pkg:deb/ubuntu/opencv@4.10.0+dfsg-5?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.6.0+dfsg-14

4.6.0+dfsg-14build1

4.6.0+dfsg-14build2

4.6.0+dfsg-14build3

4.10.0+dfsg-2

4.10.0+dfsg-3

4.10.0+dfsg-4

4.10.0+dfsg-5