Bug 1149742 - (CVE-2019-15939) VUL-1: CVE-2019-15939: opencv: divide-by-zero error in cv:HOGDescriptor:getDescriptorSize in modules/objdetect/src/hog.cpp
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Minor
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/241831/
CVSSv2:NVD:CVE-2019-15939:5.0:(AV:N/A...
Reported: 2019-09-06 09:35 UTC by Alexandros Toptsoglou
Modified: 2022-01-21 21:35 UTC (History)
Found By: Security Response Team


Attachments
POC (109.49 KB, application/gzip)
2019-09-10 16:18 UTC, Alexandros Toptsoglou

Description Alexandros Toptsoglou 2019-09-06 09:35:57 UTC
CVE-2019-15939

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in
cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15939
https://github.com/opencv/opencv/pull/15382
https://github.com/OpenCV/opencv/issues/15287
Comment 1 Alexandros Toptsoglou 2019-09-10 16:17:34 UTC
Tracked SLE15 as affected. I successfully reproduced the issue in Leap 15.1 and version 3.3.1.
To reproduce the issue, follow these steps:

1) Download the patch and extract
2) Compile the hog.cc as follows:
  g++ hog.cc -lopencv_core -lopencv_imgcodecs -lopencv_objdetect -o hog
3) valgrind ./hog timg.jpeg getDescriptorSize__FPE

OUTPUT: 
==26244== 
==26244== Process terminating with default action of signal 8 (SIGFPE): dumping core
==26244==  Integer divide by zero at address 0x1002ED1810
==26244==    at 0x55CC0B3: cv::HOGDescriptor::getDescriptorSize() const (hog.cpp:89)
==26244==    by 0x55CD2B5: cv::HOGDescriptor::checkDetectorSize() const (hog.cpp:108)
==26244==    by 0x55D18C4: cv::HOGDescriptor::read(cv::FileNode&) (hog.cpp:167)
==26244==    by 0x55D6EAF: cv::HOGDescriptor::load(cv::String const&, cv::String const&) (hog.cpp:199)
==26244==    by 0x401EC8: cv::HOGDescriptor::HOGDescriptor(cv::String const&) (in /home/alex/Downloads/hog-vuln/hog)
==26244==    by 0x40150D: main (in /home/alex/Downloads/hog-vuln/hog)
==26244==
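
The trace above reaches the division through load() and read(), so the divisor comes from file-supplied parameters. The following is an added example, not code from this report or from OpenCV: a stand-alone check that rejects such parameters before any division. HogParams, defaultParams and checkedDescriptorSize are hypothetical names, and the size formula is assumed to follow OpenCV's HOG layout, since the page only names the function.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical stand-in for the geometry values read from a HOG descriptor file.
struct HogParams {
    int winW, winH;        // detection window
    int blockW, blockH;    // block size
    int strideW, strideH;  // block stride
    int cellW, cellH;      // cell size
    int nbins;             // histogram bins per cell
};

// Constructed sample: the widely used 64x128 pedestrian-detector geometry.
HogParams defaultParams() { return HogParams{64, 128, 16, 16, 8, 8, 8, 8, 9}; }

// Returns the descriptor length, or 0 when the parameters are rejected.
// 0 is safe as a sentinel because every factor of a valid size is >= 1.
std::size_t checkedDescriptorSize(const HogParams& p) {
    // Every divisor must be strictly positive before any / or % is evaluated.
    if (p.cellW <= 0 || p.cellH <= 0 || p.strideW <= 0 || p.strideH <= 0)
        return 0;
    if (p.nbins <= 0 || p.blockW <= 0 || p.blockH <= 0)
        return 0;
    // The window must hold at least one block.
    if (p.winW < p.blockW || p.winH < p.blockH)
        return 0;
    // Blocks must split into whole cells, and the window into whole strides.
    if (p.blockW % p.cellW != 0 || p.blockH % p.cellH != 0)
        return 0;
    if ((p.winW - p.blockW) % p.strideW != 0 || (p.winH - p.blockH) % p.strideH != 0)
        return 0;
    return static_cast<std::size_t>(p.nbins)
        * (p.blockW / p.cellW) * (p.blockH / p.cellH)
        * ((p.winW - p.blockW) / p.strideW + 1)
        * ((p.winH - p.blockH) / p.strideH + 1);
}

int main() {
    HogParams bad = defaultParams();
    bad.cellW = 0;  // constructed malformed input: zero cell width
    std::printf("valid: %zu, malformed: %zu\n",
                checkedDescriptorSize(defaultParams()), checkedDescriptorSize(bad));
    return 0;
}
```
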
Comment 2 Alexandros Toptsoglou 2019-09-10 16:18:05 UTC
Created attachment 817629
POC
Comment 5 Swamp Workflow Management 2019-12-05 20:14:25 UTC
SUSE-SU-2019:3192-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144348,1144352,1149742,1154091
CVE References: CVE-2019-14491,CVE-2019-14492,CVE-2019-15939
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    opencv-3.3.1-6.6.1
SUSE Linux Enterprise Workstation Extension 15 (src):    opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    opencv-3.3.1-6.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-12-11 14:16:12 UTC
openSUSE-SU-2019:2671-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144348,1144352,1149742,1154091
CVE References: CVE-2019-14491,CVE-2019-14492,CVE-2019-15939
Sources used:
openSUSE Leap 15.1 (src):    opencv-3.3.1-lp151.6.3.1
Comment 7 Swamp Workflow Management 2020-07-08 13:15:13 UTC
SUSE-SU-2019:3192-2: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144348,1144352,1149742,1154091
CVE References: CVE-2019-14491,CVE-2019-14492,CVE-2019-15939
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    opencv-3.3.1-6.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.