First Last Prev Next    This bug is not in your last search results.
Bug 1144350 - (CVE-2019-14493) VUL-1: CVE-2019-14493: opencv: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv:XMLParser:parse at modules/core/src/persistence.cpp
(CVE-2019-14493)
VUL-1: CVE-2019-14493: opencv: An issue was discovered in OpenCV before 4.1.1...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
Other Other
: P4 - Low : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
https://smash.suse.de/issue/238722/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-08-05 15:45 UTC by Wolfgang Frisch
Modified: 2020-05-04 12:23 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
opencv-5691d998ead1d9b0542bcfced36c2dceb3a59023-fixes-CVE-2019-14493.patch (7.99 KB, patch)
2019-08-05 16:21 UTC, Wolfgang Frisch 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Wolfgang Frisch 2019-08-05 16:21:27 UTC 
Created attachment 812845 [details]
opencv-5691d998ead1d9b0542bcfced36c2dceb3a59023-fixes-CVE-2019-14493.patch

This patch applies cleanly to opencv in openSUSE:Factory.
Comment 3 Scott Reeves 2019-08-30 17:21:52 UTC 
(In reply to Wolfgang Frisch from comment #1)
> openSUSE:Factory however still ships the vulnerable version 4.1.0.

Looking into adding this patch but it appears opencv in factory has now been updated to 4.1.1.  I verified it does contain the fix. Moving back to security team as this appears fixed.
Comment 4 Alexandros Toptsoglou 2020-05-04 12:23:45 UTC 
Done
First Last Prev Next    This bug is not in your last search results.