Vulnerability Spotlight: Two buffer overflow vulnerabilities in OpenCV

Dave McDaniel of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered two buffer overflow vulnerabilities in the OpenCV libraries. An attacker could potentially exploit these bugs to cause heap corruption and, potentially, code execution. Intel Research originally developed OpenCV in 1999, but it is currently maintained by the non-profit organization OpenCV.org.


OpenCV is used for numerous applications, including facial recognition technology, robotics, motion tracking and various machine learning programs. In accordance with our coordinated disclosure policy, Cisco Talos worked with OpenCV to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details


OpenCV XML persistence parser buffer overflow vulnerability (TALOS-2019-0852/CVE-2019-5063)

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

OpenCV JSON persistence parser buffer overflow vulnerability (TALOS-2019-0853/CVE-2019-5064)

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An ..
