Bug#948180: opencv: CVE-2019-5063 and CVE-2019-5064
Markus Koschany
apo at debian.org
Sat Jan 4 23:32:54 GMT 2020
Package: opencv
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for opencv.
CVE-2019-5064[0]:
| An exploitable heap buffer overflow vulnerability exists in the data
| structure persistence functionality of OpenCV, version 4.1.0. A
| specially crafted JSON file can cause a buffer overflow, resulting in
| multiple heap corruptions and potentially code execution. An attacker
| can provide a specially crafted file to trigger this vulnerability.
CVE-2019-5063[1]:
| An exploitable heap buffer overflow vulnerability exists in the data
| structure persistence functionality of OpenCV 4.1.0. A specially
| crafted XML file can cause a buffer overflow, resulting in multiple
| heap corruptions and potential code execution. An attacker can provide
| a specially crafted file to trigger this vulnerability.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-5064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5064
[1] https://security-tracker.debian.org/tracker/CVE-2019-5063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5063
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/debian-science-maintainers/attachments/20200105/44b5f72e/attachment-0001.sig>
More information about the debian-science-maintainers
mailing list