Bug 1144350 - (CVE-2019-14493) VUL-1: CVE-2019-14493: opencv: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv:XMLParser:parse at modules/core/src/persistence.cpp
VUL-1: CVE-2019-14493: opencv: An issue was discovered in OpenCV before 4.1.1...
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
Other Other
: P4 - Low : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
Depends on:
  Show dependency treegraph
Reported: 2019-08-05 15:45 UTC by Wolfgang Frisch
Modified: 2020-05-04 12:23 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

opencv-5691d998ead1d9b0542bcfced36c2dceb3a59023-fixes-CVE-2019-14493.patch (7.99 KB, patch)
2019-08-05 16:21 UTC, Wolfgang Frisch
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Wolfgang Frisch 2019-08-05 16:21:27 UTC
Created attachment 812845 [details]

This patch applies cleanly to opencv in openSUSE:Factory.
Comment 3 Scott Reeves 2019-08-30 17:21:52 UTC
(In reply to Wolfgang Frisch from comment #1)
> openSUSE:Factory however still ships the vulnerable version 4.1.0.

Looking into adding this patch but it appears opencv in factory has now been updated to 4.1.1.  I verified it does contain the fix. Moving back to security team as this appears fixed.
Comment 4 Alexandros Toptsoglou 2020-05-04 12:23:45 UTC