Bugzilla – Bug 1149742
VUL-1: CVE-2019-15939: opencv: divide-by-zero error in cv:HOGDescriptor:getDescriptorSize in modules/objdetect/src/hog.cpp
Last modified: 2022-01-21 21:35:06 UTC
CVE-2019-15939

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15939
https://github.com/opencv/opencv/pull/15382
https://github.com/OpenCV/opencv/issues/15287
Tracked SLE15 as affected. I successfully reproduced the issue in Leap 15.1 and version 3.3.1.

To reproduce the issue, follow these steps:

1) Download the patch and extract
2) Compile the hog.cc as follows:
   g++ hog.cc -lopencv_core -lopencv_imgcodecs -lopencv_objdetect -o hog
3) valgrind ./hog timg.jpeg getDescriptorSize__FPE

OUTPUT:

==26244==
==26244== Process terminating with default action of signal 8 (SIGFPE): dumping core
==26244==  Integer divide by zero at address 0x1002ED1810
==26244==    at 0x55CC0B3: cv::HOGDescriptor::getDescriptorSize() const (hog.cpp:89)
==26244==    by 0x55CD2B5: cv::HOGDescriptor::checkDetectorSize() const (hog.cpp:108)
==26244==    by 0x55D18C4: cv::HOGDescriptor::read(cv::FileNode&) (hog.cpp:167)
==26244==    by 0x55D6EAF: cv::HOGDescriptor::load(cv::String const&, cv::String const&) (hog.cpp:199)
==26244==    by 0x401EC8: cv::HOGDescriptor::HOGDescriptor(cv::String const&) (in /home/alex/Downloads/hog-vuln/hog)
==26244==    by 0x40150D: main (in /home/alex/Downloads/hog-vuln/hog)
==26244==
Created attachment 817629: POC
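Added example (not code from this report, the attached POC, or OpenCV): a stand-alone C++ model of the descriptor-size arithmetic, assuming the length is a product of integer quotients of the window, block, stride and cell dimensions. It shows how a zero divisor in file-supplied parameters produces the SIGFPE seen in the trace above, and how validating before dividing turns it into a rejected load. The types Size2 and HogParams and both function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical stand-ins for the HOG parameters loaded from a model file;
// field names follow OpenCV's HOGDescriptor, the types are not OpenCV's.
struct Size2 { int width, height; };
struct HogParams {
    Size2 winSize, blockSize, blockStride, cellSize;
    int nbins;
};

// True only if every divisor below is positive and the sizes are aligned.
bool paramsAreSane(const HogParams& p) {
    auto positive = [](const Size2& s) { return s.width > 0 && s.height > 0; };
    if (!positive(p.winSize) || !positive(p.blockSize) ||
        !positive(p.blockStride) || !positive(p.cellSize) || p.nbins <= 0)
        return false;
    if (p.blockSize.width > p.winSize.width ||
        p.blockSize.height > p.winSize.height)
        return false;
    return p.blockSize.width % p.cellSize.width == 0 &&
           p.blockSize.height % p.cellSize.height == 0 &&
           (p.winSize.width - p.blockSize.width) % p.blockStride.width == 0 &&
           (p.winSize.height - p.blockSize.height) % p.blockStride.height == 0;
}

// Writes the descriptor length to *out; returns false instead of dividing
// when the parameters are unusable.
bool descriptorSizeChecked(const HogParams& p, std::size_t* out) {
    if (!paramsAreSane(p)) return false;
    *out = static_cast<std::size_t>(p.nbins) *
           (p.blockSize.width / p.cellSize.width) *
           (p.blockSize.height / p.cellSize.height) *
           ((p.winSize.width - p.blockSize.width) / p.blockStride.width + 1) *
           ((p.winSize.height - p.blockSize.height) / p.blockStride.height + 1);
    return true;
}

int main() {
    // Constructed inputs: a 64x128 window, and the same with a zero cell width.
    HogParams good = {{64, 128}, {16, 16}, {8, 8}, {8, 8}, 9};
    HogParams bad = good;
    bad.cellSize.width = 0;
    std::size_t n = 0;
    std::printf("good: %d\n", descriptorSizeChecked(good, &n));
    std::printf("size: %zu\n", n);
    std::printf("bad:  %d\n", descriptorSizeChecked(bad, &n));
    return 0;
}
```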
SUSE-SU-2019:3192-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144348,1144352,1149742,1154091
CVE References: CVE-2019-14491,CVE-2019-14492,CVE-2019-15939
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src): opencv-3.3.1-6.6.1
SUSE Linux Enterprise Workstation Extension 15 (src): opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): opencv-3.3.1-6.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2671-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144348,1144352,1149742,1154091
CVE References: CVE-2019-14491,CVE-2019-14492,CVE-2019-15939
Sources used:
openSUSE Leap 15.1 (src): opencv-3.3.1-lp151.6.3.1
SUSE-SU-2019:3192-2: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144348,1144352,1149742,1154091
CVE References: CVE-2019-14491,CVE-2019-14492,CVE-2019-15939
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src): opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): opencv-3.3.1-6.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): opencv-3.3.1-6.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.