Advisories ยป MGASA-2020-0030

Updated opencv packages fix security vulnerabilities

Publication date: 11 Jan 2020
Modification date: 11 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14491 , CVE-2019-14492 , CVE-2019-15939

Description

The updated packages fix security vulnerabilities:

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1.
There is an out of bounds read in the function cv::predictOrdered
 in modules/objdetect/src/cascadedetect.hpp, which
leads to denial of service. (CVE-2019-14491)

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1.
There is an out of bounds read/write in the function HaarEvaluator::
OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which
leads to denial of service. (CVE-2019-14492)

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error
in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
(CVE-2019-15939)
                

References

SRPMS

7/core