Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 22.04, 18.04 LTS: USN-7247-1 critical: OpenCV denial of service

ubuntu
Calendar Grey February 4, 2025
Dist Ubuntu Esm H88
Crucial information for Ubuntu enthusiasts concerning serious OpenCV security flaws impacting various versions.
Several security issues were fixed in OpenCV.

Summary

Several security issues were fixed in OpenCV.

Software Description:

- opencv: computer vision library

Details:

It was discovered that OpenCV did not properly manage certain XML data,

leading to a NULL pointer dereference. If a user were tricked into

loading a specially crafted file, a remote attacker could possibly use

this issue to make OpenCV crash, resulting in a denial of service.

This issue only affected Ubuntu 18.04 LTS. (CVE-2019-14493)

It was discovered that OpenCV may perform out-of-bounds reads in certain

situations. An attacker could possibly use this issue to cause OpenCV to

crash, resulting in a denial of service, or the execution of arbitrary

code. This issue only affected Ubuntu 18.04 LTS.

(CVE-2019-16249, CVE-2019-19624)

It was discovered that the QR code module of OpenCV incorrectly processed

certain maliciously crafted QR codes. A remote attacker could possibly use

this issue to cause OpenCV to crash, resulting in a denial of service.

T...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   libopencv-contrib4.5d           4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro
   libopencv-core4.5d              4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro
   libopencv-dev                   4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro
   libopencv-dnn4.5d               4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro
   libopencv-flann4.5d             4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro
   libopencv-imgcodecs4.5d         4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro
   libopencv-objdetect4.5d         4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro
   opencv-data                     4.5.4+dfsg-9ubuntu4+esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   libopencv-core3.2               3.2.0+dfsg-4ubuntu0.1+esm4
                                   Available with Ubuntu Pro
   libopencv-dev                   3.2.0+dfsg-4ubuntu0.1+esm4
                                   Available with Ubuntu Pro
   opencv-data                     3.2.0+dfsg-4ubuntu0.1+esm4
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7247-1

  CVE-2019-14493, CVE-2019-16249, CVE-2019-19624, CVE-2023-2617,

  CVE-2023-2618

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7247-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here