CVE-2019-5064

Published: 03/01/2020 Updated: 17/06/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

Vulnerable Product

opencv opencv

oracle application testing suite 13.3.0.1

oracle enterprise manager base platform 13.4.0.0

oracle big data spatial and graph

Vendor Advisories

Debian Bug report logs - #948180
opencv: CVE-2019-5063 and CVE-2019-5064
Package: opencv; Maintainer for opencv is Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>; Reported by: Markus Koschany <apo@debian.org>
Date: Sat, 4 Jan 2020 23:33:06 UTC
Severity: grave
Tags: security
Found in versio ...

Github Repositories

AISecMatrix Project

AISecMatrix
Abstract
Environment Access: 2.1 Dependent Software Attack; 2.2 Malicious Access to Docker; 2.3 Hardware Backdoor Attack; 2.4 Supply Chains Attack
Data Collection: 3.1 Data Poisoning; 3.2 Data Backdoor Attack
Model Training: 4.1 Data Recovery in Gradient; 4.2 Initial Weight Modification; 4.3 Code Attack; 4.4 Training Backdoor Attack; 4.5 Non-centralized Scenario