HIGH 8.2
PYSEC-2026-720
Out-of-bounds Read in OpenCV
Details
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 (OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26). There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / opencv-contrib-python-headless
Introduced in:
0 Fixed in: 3.4.7.28 Fix
pip install --upgrade 'opencv-contrib-python-headless>=3.4.7.28' References
- https://nvd.nist.gov/vuln/detail/CVE-2019-14491 [ADVISORY]
- https://github.com/opencv/opencv/issues/15125 [WEB]
- https://github.com/opencv/opencv-python [PACKAGE]
- https://github.com/opencv/opencv/compare/33b765d...4a7ca5a [WEB]
- https://github.com/opencv/opencv/compare/371bba8...ddbd10c [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ [WEB]
- https://pypi.org/project/opencv-contrib-python-headless [PACKAGE]
- https://github.com/advisories/GHSA-fm39-cw8h-3p63 [ADVISORY]