An out-of-bounds read was discovered in OpenCV up to version 4.1.0. Specifically, the variable coarsest_scale is assumed to be greater than or equal to finest_scale in the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
Created opencv tracking bugs for this issue:
Affects: fedora-all [bug 1780544]
This issue did not affect the versions of OpenCV as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for the DIS optflow algorithm.
This issue affects OpenCV as shipped with Red Hat Enterprise Linux 8. However, the package has been built with C++ standard library hardening (_GLIBCXX_ASSERTIONS), which enables range checks for C++ arrays, vectors, and strings. This leads to an application exit due to an assertion statement and prevents the out-of-bounds read from being exploitable.
opencv-3.4.10 doesn't look affected by the issue; only 4.1 is (and Fedora 32 has 4.2.0).
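The scale invariant and range check described in the report, as an added C++ sketch that is not OpenCV's code and not part of this bug thread. Only the names coarsest_scale, finest_scale, Ux and Uy come from the report; the level formula, the helper functions and the sample image sizes are hypothetical.

```cpp
// Added illustration: a simplified model, not OpenCV's dis_flow.cpp.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Hypothetical level formula: the coarsest pyramid level at which the smaller
// image dimension still holds one patch; -1 if the image is below patch size.
int coarsest_scale_for(int width, int height, int patch_size) {
    int min_dim = std::min(width, height);
    if (patch_size <= 0 || min_dim < patch_size) return -1;
    int level = 0;
    while ((min_dim >> (level + 1)) >= patch_size) ++level;
    return level;
}

// The invariant the report says was assumed but never checked.
bool scales_valid(int coarsest_scale, int finest_scale) {
    return finest_scale >= 0 && coarsest_scale >= finest_scale;
}

// Allocates per-level Ux/Uy buffers for levels 0..coarsest_scale and returns
// the element count at finest_scale. Throws rather than indexing past the end.
std::size_t finest_level_size(int width, int height, int patch_size, int finest_scale) {
    int coarsest_scale = coarsest_scale_for(width, height, patch_size);
    if (!scales_valid(coarsest_scale, finest_scale))
        throw std::invalid_argument("image too small for requested finest_scale");
    std::vector<std::vector<float>> Ux, Uy;
    for (int s = 0; s <= coarsest_scale; ++s) {
        std::size_t n = (std::size_t)(width >> s) * (std::size_t)(height >> s);
        Ux.emplace_back(n, 0.0f);
        Uy.emplace_back(n, 0.0f);
    }
    // .at() is always range-checked; operator[] is checked only when the code
    // is compiled with -D_GLIBCXX_ASSERTIONS (libstdc++), where it aborts.
    return std::min(Ux.at(finest_scale).size(), Uy.at(finest_scale).size());
}

int main() {
    std::printf("640x480: %zu elements at level 2\n", finest_level_size(640, 480, 8, 2));
    try {
        finest_level_size(16, 16, 8, 2);  // constructed small image: coarsest=1 < finest=2
    } catch (const std::invalid_argument& e) {
        std::printf("16x16 rejected: %s\n", e.what());
    }
    return 0;
}
```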