
An update has been released for the OpenCV package in Debian GNU/Linux 10 (Buster) Extended LTS to fix multiple vulnerabilities. The vulnerabilities include buffer overflows, out-of-bounds reads and writes, NULL pointer dereferences, and divide-by-zero errors in various functions of the OpenCV library.

ELA-1513-1 opencv security update





Package : opencv
Version : 3.2.0+dfsg-6+deb10u1 (buster)

Related CVEs :
CVE-2017-18009
CVE-2019-14491
CVE-2019-14492
CVE-2019-14493
CVE-2019-15939
CVE-2019-19624

Multiple vulnerabilities were found in the computer vision library OpenCV.

CVE-2017-18009
Buffer overflow in the cv::HdrDecoder::checkSignature function

CVE-2019-14491
Out-of-bounds read in cv::predictOrdered

CVE-2019-14492
Out-of-bounds read/write in the HaarEvaluator::OptFeature::calc function

CVE-2019-14493
NULL pointer dereference in the cv::XMLParser::parse function

CVE-2019-15939
Divide-by-zero error in cv::HOGDescriptor::getDescriptorSize

CVE-2019-19624
Out-of-bounds read in the calc() function of dis_flow.cpp, when dealing
with small images

