Bug 1780543 (CVE-2019-19624) - CVE-2019-19624 opencv: out-of-bounds read in DIS optflow algorithm when dealing with small images
Summary: CVE-2019-19624 opencv: out-of-bounds read in DIS optflow algorithm when deali...
Alias: CVE-2019-19624
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1780544 1781277
Blocks: 1780547
TreeView+ depends on / blocked
Reported: 2019-12-06 10:38 UTC by Mauro Matteo Cascella
Modified: 2021-02-16 20:56 UTC (History)
13 users (show)

Fixed In Version: opencv 4.1.1
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read vulnerability was discovered in OpenCV. This flaw can be exploited when a small, carefully crafted image is loaded by an application linked to OpenCV. A remote attacker could exploit this flaw, causing a denial of service by causing the application to crash or read sensitive information from memory.
Clone Of:
Last Closed: 2020-07-28 06:38:43 UTC

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2019-12-06 10:38:44 UTC
An out-of-bounds read was discovered in opencv up to version 4.1.0. Specifically, variable coarsest_scale is assumed to be greater or equal than finest_scale in calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of heap-allocated arrays Ux and Uy.

Comment 1 Mauro Matteo Cascella 2019-12-06 10:39:40 UTC
Created opencv tracking bugs for this issue:

Affects: fedora-all [bug 1780544]

Comment 4 Mauro Matteo Cascella 2019-12-09 13:00:26 UTC

This issue did not affect the versions of OpenCV as shipped with Red Hat Enterprise Linux 6, and 7 as they did not include support for DIS optflow algorithm.
This issue affects OpenCV as shipped with Red Hat Enterprise Linux 8. However, the package has been built with C++ standard library hardening (_GLIBCXX_ASSERTIONS) that enables range checks for C++ arrays, vectors, and strings. This leads to an application exit due to an assertion statement and prevents the out-of-bounds read to be exploitable.

Comment 11 Nicolas Chauvet (kwizart) 2020-07-28 06:38:43 UTC
opencv-3.4.10 doesn't look like affected by the issue only 4.1 is (and fedora 32 have 4.2.0).

Note You need to log in before you can comment on or make changes to this bug.