An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
Reference:
https://github.com/opencv/opencv/compare/371bba8...ddbd10c
https://github.com/opencv/opencv/issues/15125
https://github.com/opencv/opencv/compare/33b765d...4a7ca5a
Created opencv tracking bugs for this issue:
Affects: fedora-all [bug 1752026]
Patch: https://github.com/opencv/opencv/commit/321c74ccd6077bdea1d47450ca4fe955cb5b6330
Statement: It's possible to cause opencv to attempt to read from incorrect or invalid memory when loading specially crafted classifiers (trained data used for object detection), possibly leading to a crash. Although it's technically possible that classifiers are used from untrusted sources, it's probably an unlikely case in practice.
(In reply to Stefan Cornelius)
> Fixed In Version: opencv 3.4.7, opencv 4.1.2
Since in master we already got 4.1, I will update F31 with 3.4.7
Fixed in 3.4.10-1 package in f31