Bug 1764731 (CVE-2019-15939)
Summary: | CVE-2019-15939 opencv: division by zero in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | andrew, databases-maint, hhorak, jkucera, jmlich83, jridky, karlthered, kwizart, mrehak, pkajaba, rakesh.pandit, viktor.vix.jancik |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | opencv 3.4.8 | Doc Type: | If docs needed, set a value |
Doc Text: | A divide by zero vulnerability was found in OpenCV in the way HOGDescriptor objects are created by loading their properties from a local file. Local files with no "cellSize" property may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted file that, when loaded by a victim, would cause a floating-point exception leading to a denial of service. | Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-28 06:27:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1764732, 1786692, 1786693 | ||
Bug Blocks: | 1764734 |
Description
Guilherme de Almeida Suckevicz
2019-10-23 16:23:09 UTC
Created opencv tracking bugs for this issue:

Affects: fedora-all [bug 1764732]

Upstream fix: https://github.com/opencv/opencv/pull/15382/commits/5a497077f109d543ab86dfdf8add1c76c0e47d29

This flaw affects the implementation of Histogram of Oriented Gradients (HOG) Descriptor, an algorithm used internally by OpenCV to detect objects in digital images. More specifically, method HOGDescriptor::getDescriptorSize() computes the remainder of the division of variables blockSize.width by cellSize.width, without ensuring that the value of cellSize.width is not zero. As a result, the code ends up dividing a value by zero, leading to a floating point exception that ultimately results in a crash of the application. It is worth noting that those variables are set in method HOGDescriptor::read() when a HOGDescriptor object is created by loading its properties from a local file.

Mitigation: Avoid using the Histogram of Oriented Gradients (HOG) Descriptor algorithm to detect objects in digital images. Alternatively, ensure HOGDescriptor objects are not created from external untrusted files.

Fixed in 3.4.8 and later. Current version in Fedora 31 is 3.4.10.
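The following is an added, self-contained C++ model of the defect described in the comment above and of the parameter validation that prevents it; it is not OpenCV's code and does not use the OpenCV API. The `HogParams` struct, the `parseHogParams` text format ("key w h" lines, standing in for the real OpenCV storage file), and the sample inputs are all constructed for this illustration. The descriptor-size formula follows the usual HOG layout (bins per cell, cells per block, blocks per window); the point shown is that a file with no `cellSize` entry leaves the divisor at zero, so the modulo in the unchecked computation traps with SIGFPE, while validating the parsed values before any division turns the same input into a clean rejection.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <sstream>
#include <string>

// Hypothetical model of the parameters HOGDescriptor::read() loads from a
// file (assumption: field names mirror the OpenCV members; not OpenCV code).
struct HogParams {
    int winWidth = 0, winHeight = 0;
    int blockWidth = 0, blockHeight = 0;
    int strideWidth = 0, strideHeight = 0;
    int cellWidth = 0, cellHeight = 0;   // stay 0 when "cellSize" is absent from the file
    int nbins = 0;
};

// Constructed sample inputs: a complete parameter set and one missing "cellSize".
const std::string kGoodInput =
    "winSize 64 128\nblockSize 16 16\nblockStride 8 8\ncellSize 8 8\nnbins 9\n";
const std::string kMissingCellInput =
    "winSize 64 128\nblockSize 16 16\nblockStride 8 8\nnbins 9\n";

// Parse the constructed "key w h" format. Absent keys keep their zero defaults,
// which is exactly the condition the flaw depends on.
HogParams parseHogParams(const std::string &text) {
    HogParams p;
    std::istringstream in(text);
    std::string key;
    while (in >> key) {
        if (key == "nbins") { in >> p.nbins; continue; }
        int w = 0, h = 0;
        in >> w >> h;
        if (key == "winSize")          { p.winWidth = w;    p.winHeight = h; }
        else if (key == "blockSize")   { p.blockWidth = w;  p.blockHeight = h; }
        else if (key == "blockStride") { p.strideWidth = w; p.strideHeight = h; }
        else if (key == "cellSize")    { p.cellWidth = w;   p.cellHeight = h; }
    }
    return p;
}

// Shape of the flawed computation: every divisor comes straight from the file.
// With cellWidth == 0 the first modulo raises SIGFPE. Never call on unvalidated input.
size_t descriptorSizeUnchecked(const HogParams &p) {
    if (p.blockWidth % p.cellWidth != 0 || p.blockHeight % p.cellHeight != 0) return 0;
    return static_cast<size_t>(p.nbins) *
           (p.blockWidth / p.cellWidth) * (p.blockHeight / p.cellHeight) *
           ((p.winWidth - p.blockWidth) / p.strideWidth + 1) *
           ((p.winHeight - p.blockHeight) / p.strideHeight + 1);
}

// Validation to run right after parsing, before any arithmetic uses the values:
// every divisor must be positive and the geometry must tile evenly.
bool validateHogParams(const HogParams &p) {
    if (p.cellWidth <= 0 || p.cellHeight <= 0) return false;
    if (p.strideWidth <= 0 || p.strideHeight <= 0) return false;
    if (p.blockWidth <= 0 || p.blockHeight <= 0 || p.nbins <= 0) return false;
    if (p.winWidth < p.blockWidth || p.winHeight < p.blockHeight) return false;
    if (p.blockWidth % p.cellWidth != 0 || p.blockHeight % p.cellHeight != 0) return false;
    if ((p.winWidth - p.blockWidth) % p.strideWidth != 0) return false;
    if ((p.winHeight - p.blockHeight) % p.strideHeight != 0) return false;
    return true;
}

// Hardened entry point: invalid parameters yield 0 instead of a trap.
size_t descriptorSize(const HogParams &p) {
    if (!validateHogParams(p)) return 0;
    return descriptorSizeUnchecked(p);
}

int main() {
    std::printf("complete file  -> size %zu\n", descriptorSize(parseHogParams(kGoodInput)));
    std::printf("no cellSize    -> size %zu (rejected)\n",
                descriptorSize(parseHogParams(kMissingCellInput)));
    return 0;
}
```

For the complete sample (64x128 window, 16x16 blocks, 8x8 stride, 8x8 cells, 9 bins) the size is 9 * 2 * 2 * 7 * 15 = 3780; the sample without `cellSize` is rejected by `validateHogParams` before the modulo that would otherwise divide by zero.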