1780543 – (CVE-2019-19624) CVE-2019-19624 opencv: out-of-bounds read in DIS optflow algorithm when dealing with small images

Bug 1780543 (CVE-2019-19624) - CVE-2019-19624 opencv: out-of-bounds read in DIS optflow algorithm when dealing with small images

Summary: CVE-2019-19624 opencv: out-of-bounds read in DIS optflow algorithm when deali...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2019-19624
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1780544 1781277
Blocks:	1780547
TreeView+	depends on / blocked

Reported:	2019-12-06 10:38 UTC by Mauro Matteo Cascella
Modified:	2021-02-16 20:56 UTC (History)
CC List:	13 users (show)
Fixed In Version:	opencv 4.1.1
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bounds read vulnerability was discovered in OpenCV. This flaw can be exploited when a small, carefully crafted image is loaded by an application linked to OpenCV. A remote attacker could exploit this flaw, causing a denial of service by causing the application to crash or read sensitive information from memory.
Clone Of:
Environment:
Last Closed:	2020-07-28 06:38:43 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mauro Matteo Cascella 2019-12-06 10:38:44 UTC

An out-of-bounds read was discovered in opencv up to version 4.1.0. Specifically, variable coarsest_scale is assumed to be greater or equal than finest_scale in calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of heap-allocated arrays Ux and Uy.

Comment 1 Mauro Matteo Cascella 2019-12-06 10:39:40 UTC

Created opencv tracking bugs for this issue:

Affects: fedora-all [bug 1780544]

Comment 2 Mauro Matteo Cascella 2019-12-06 11:03:12 UTC

References:
https://github.com/opencv/opencv/issues/14554
https://github.com/opencv/opencv/pull/14641

Comment 4 Mauro Matteo Cascella 2019-12-09 13:00:26 UTC

Statement:

This issue did not affect the versions of OpenCV as shipped with Red Hat Enterprise Linux 6, and 7 as they did not include support for DIS optflow algorithm.
This issue affects OpenCV as shipped with Red Hat Enterprise Linux 8. However, the package has been built with C++ standard library hardening (_GLIBCXX_ASSERTIONS) that enables range checks for C++ arrays, vectors, and strings. This leads to an application exit due to an assertion statement and prevents the out-of-bounds read to be exploitable.

Comment 8 Mauro Matteo Cascella 2019-12-10 17:51:53 UTC

Upstream fix:
https://github.com/opencv/opencv/pull/14641/commits/d1615ba11a93062b1429fce9f0f638d1572d3418

Comment 11 Nicolas Chauvet (kwizart) 2020-07-28 06:38:43 UTC

opencv-3.4.10 doesn't look like affected by the issue only 4.1 is (and fedora 32 have 4.2.0).

Note You need to log in before you can comment on or make changes to this bug.