An out-of-bounds read was discovered in OpenCV up to version 4.1.0. Specifically, the variable coarsest_scale is assumed to be greater than or equal to finest_scale in the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
Created opencv tracking bugs for this issue:
Affects: fedora-all [bug 1780544]
References:
https://github.com/opencv/opencv/issues/14554
https://github.com/opencv/opencv/pull/14641
Statement: This issue did not affect the versions of OpenCV as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for the DIS optflow algorithm. This issue affects OpenCV as shipped with Red Hat Enterprise Linux 8. However, the package has been built with C++ standard library hardening (_GLIBCXX_ASSERTIONS) that enables range checks for C++ arrays, vectors, and strings. This leads to an application exit due to an assertion statement and prevents the out-of-bounds read from being exploitable.
Upstream fix: https://github.com/opencv/opencv/pull/14641/commits/d1615ba11a93062b1429fce9f0f638d1572d3418
opencv-3.4.10 doesn't look like it is affected by the issue; only 4.1 is (and Fedora 32 has 4.2.0).
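
A simplified model of the indexing assumption from the flaw description and of the range-check behaviour the Statement refers to, added here as an illustration; it is not OpenCV's code or the upstream fix. The names `coarsestScaleFor`, `buildPyramid` and `readFinest`, the halving rule and the sample sizes are assumptions, and `.at()` stands in for a hardened `operator[]`, which aborts rather than throws.

```cpp
// Simplified model, not OpenCV code. All names and the halving rule are assumptions.
#include <algorithm>
#include <cstdio>
#include <stdexcept>
#include <vector>

enum class Result { Ok, RejectedByValidation, CaughtByRangeCheck };

// Hypothetical rule: deepest level whose smaller side still holds one patch; -1 if none.
int coarsestScaleFor(int width, int height, int patch_size) {
    if (patch_size < 1) return -1;
    int scale = -1;
    for (int side = std::min(width, height); side >= patch_size; side /= 2) ++scale;
    return scale;
}

struct Pyramid {
    int coarsest_scale;
    std::vector<std::vector<float>> Ux;  // one heap buffer per level 0..coarsest_scale
};

Pyramid buildPyramid(int width, int height, int patch_size) {
    Pyramid p{coarsestScaleFor(width, height, patch_size), {}};
    for (int i = 0; i <= p.coarsest_scale; ++i)
        p.Ux.emplace_back((size_t)(width >> i) * (size_t)(height >> i), 0.0f);
    return p;
}

// Reads the buffer for finest_scale. With validate == false the code trusts that
// coarsest_scale >= finest_scale; .at() then plays the role of a range-checked
// operator[] (which would abort under _GLIBCXX_ASSERTIONS instead of throwing).
Result readFinest(const Pyramid& p, int finest_scale, bool validate) {
    if (validate && (finest_scale < 0 || finest_scale > p.coarsest_scale))
        return Result::RejectedByValidation;
    try {
        (void)p.Ux.at((size_t)finest_scale).size();
        return Result::Ok;
    } catch (const std::out_of_range&) {
        return Result::CaughtByRangeCheck;
    }
}

int main() {
    const int patch_size = 8, finest_scale = 2;     // constructed sample settings
    const int sizes[][2] = {{640, 480}, {20, 20}};  // constructed: normal vs. small image
    for (auto& s : sizes) {
        Pyramid p = buildPyramid(s[0], s[1], patch_size);
        std::printf("%dx%d coarsest=%d unchecked=%d validated=%d\n", s[0], s[1], p.coarsest_scale,
                    (int)readFinest(p, finest_scale, false), (int)readFinest(p, finest_scale, true));
    }
    return 0;
}
```

In this model the 20x20 input yields only two levels, so a request for level 2 is either rejected up front by the validation or stopped by the range check, never read.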