MEDIUM 6.5
PYSEC-2026-723
Out-of-bounds Read in OpenCV
Details
An out-of-bounds read was discovered in OpenCV before 4.1.1 (OpenCV-Python before 4.1.0.25). Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / opencv-contrib-python-headless
Introduced in:
0 Fixed in: 4.1.0.25 Fix
pip install --upgrade 'opencv-contrib-python-headless>=4.1.0.25' References
- https://nvd.nist.gov/vuln/detail/CVE-2019-19624 [ADVISORY]
- https://github.com/opencv/opencv/issues/14554 [WEB]
- https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 [WEB]
- https://access.redhat.com/security/cve/cve-2019-19624 [WEB]
- https://github.com/opencv/opencv-python [PACKAGE]
- https://github.com/opencv/opencv-python/releases/tag/25 [WEB]
- https://pypi.org/project/opencv-contrib-python-headless [PACKAGE]
- https://github.com/advisories/GHSA-jggw-2q6g-c3m6 [ADVISORY]