1797445 – (CVE-2019-14492) CVE-2019-14492 opencv: out-of-bounds read in function HaarEvaluator::OptFeature::calc() in cascadedetect.hpp leading to DoS

Bug 1797445 (CVE-2019-14492) - CVE-2019-14492 opencv: out-of-bounds read in function HaarEvaluator::OptFeature::calc() in cascadedetect.hpp leading to DoS

Summary: CVE-2019-14492 opencv: out-of-bounds read in function HaarEvaluator::OptFeatu...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2019-14492
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1797447 1824135 1824136
Blocks:	1797452
TreeView+	depends on / blocked

Reported:	2020-02-03 08:02 UTC by Dhananjay Arunesh
Modified:	2021-02-16 20:40 UTC (History)
CC List:	11 users (show)
Fixed In Version:	opencv 3.4.7, opencv 4.1.1
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bounds read flaw was found in OpenCV in the way the Cascade Classifier algorithm loaded and processed the Haar feature-based cascade classifiers. This flaw allows a remote attacker to provide a specially crafted classifier in the form of an XML file that, when loaded by an application linked to OpenCV, would crash the application, causing a denial of service.
Clone Of:
Environment:
Last Closed:	2020-07-28 08:10:15 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2020-02-03 08:02:23 UTC

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

Reference:
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html
https://github.com/opencv/opencv/compare/33b765d...4a7ca5a
https://github.com/opencv/opencv/compare/371bba8...ddbd10c
https://github.com/opencv/opencv/issues/15124

Comment 1 Dhananjay Arunesh 2020-02-03 08:03:43 UTC

Created opencv tracking bugs for this issue:

Affects: fedora-all [bug 1797447]

Comment 2 Mauro Matteo Cascella 2020-04-15 09:12:54 UTC

Upstream fix:
https://github.com/opencv/opencv/commit/321c74ccd6077bdea1d47450ca4fe955cb5b6330

Comment 6 Mauro Matteo Cascella 2020-04-15 15:04:07 UTC

Statement:

The versions of OpenCV as shipped with Red Hat Enterprise Linux 7 and 8 are affected by this flaw. Although it's technically possible that classifiers are loaded from untrusted sources, this is probably an unlikely case in practice.

Comment 7 Mauro Matteo Cascella 2020-04-15 15:04:10 UTC

Mitigation:

Avoid loading cascade classifiers from external untrusted sources.

Comment 8 Nicolas Chauvet (kwizart) 2020-07-28 08:10:15 UTC

Fixed in 3.4.10-1 package in f31

Note You need to log in before you can comment on or make changes to this bug.