Bugzilla – Bug 1160255
VUL-0: CVE-2019-5063, CVE-2019-5064: opencv: heap buffer overflow via a specially crafted XML file in the data structure persistence functionality
Last modified: 2020-07-03 11:41:06 UTC
An exploitable heap buffer overflow vulnerability exists in the data structure
persistence functionality of OpenCV 4.1.0. A specially crafted XML file can
cause a buffer overflow, resulting in multiple heap corruptions and potential
code execution. An attacker can provide a specially crafted file to trigger this
Versions of 3.X and older are not affected.
Only TW is affected. The fix is available at .
Please upgrade to 4.2.0.
(In reply to Alexandros Toptsoglou from comment #1)
> Versions of 3.X and older are not affected.
> Only TW is affected. The fix is available at .
> Please upgrade to 4.2.0.
TW is now at 4.2.0 so this should be done.