Bug 1158804 - (CVE-2019-19624) VUL-0: CVE-2019-19624: opencv: out-of-bounds read in DIS optflow algorithm when dealing with small images
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
https://smash.suse.de/issue/248495/
Reported: 2019-12-09 14:32 UTC by Wolfgang Frisch
Modified: 2019-12-09 14:34 UTC (History)
Found By: Security Response Team

Description Wolfgang Frisch 2019-12-09 14:32:44 UTC
CVE-2019-19624

An out-of-bounds read was discovered in opencv up to version 4.1.0. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale in calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of heap-allocated arrays Ux and Uy.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1780543
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19624
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19624.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19624
https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418
https://github.com/opencv/opencv/issues/14554
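
The invariant from the description above, as an added example that is not part of the bug report and is not OpenCV code: a simplified model in which per-level buffers are allocated for levels 0..coarsest_scale and the result is read at finest_scale, with the check that rejects small images. The scale formula, the function and type names, and the sample sizes are assumptions made for this illustration.

```cpp
// Added illustration, not OpenCV source. Names and the scale formula are assumptions.
#include <algorithm>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <vector>

// Assumed formula: deepest pyramid level whose shorter side still holds one patch.
int coarsest_scale_for(int width, int height, int patch_size) {
    int shorter = std::min(width, height);
    if (shorter <= 0 || patch_size <= 0) return -1;
    return static_cast<int>(std::floor(std::log2(static_cast<double>(shorter) / patch_size)));
}

// One flow buffer per level 0..coarsest, standing in for the Ux and Uy arrays.
struct FlowPyramid {
    std::vector<std::vector<float> > Ux, Uy;
    explicit FlowPyramid(int coarsest) {
        if (coarsest >= 0) {
            Ux.resize(static_cast<std::size_t>(coarsest) + 1);
            Uy.resize(static_cast<std::size_t>(coarsest) + 1);
        }
    }
};

// Checked lookup of the level the result is read from. Returns -1 when
// coarsest < finest, the case where an unchecked Ux[finest] would read past the allocation.
int result_level(const FlowPyramid& p, int finest, int coarsest) {
    if (finest < 0 || coarsest < finest) return -1;
    if (static_cast<std::size_t>(finest) >= p.Ux.size()) return -1;
    return finest;
}

// True when an image of this size can be processed at the requested finest scale.
bool scales_valid(int width, int height, int patch_size, int finest) {
    int coarsest = coarsest_scale_for(width, height, patch_size);
    FlowPyramid p(coarsest);
    return result_level(p, finest, coarsest) >= 0;
}

int main() {
    // Constructed sample sizes; patch size 8 and finest scale 2 are example values.
    const int sizes[][2] = {{640, 480}, {32, 32}, {16, 16}, {4, 4}};
    for (const auto& s : sizes)
        std::printf("%dx%d coarsest=%d valid=%d\n", s[0], s[1],
                    coarsest_scale_for(s[0], s[1], 8), scales_valid(s[0], s[1], 8, 2));
    return 0;
}
```

In this model a 16x16 input yields a coarsest level of 1, below the requested finest level of 2, so the checked lookup refuses it instead of indexing beyond the two allocated buffers.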