
CVE-2019-14491:
Out-of-bounds Read in OpenCV

CVSS Score: 8.2

Basic Information

EPSS Score: -
Published: 10/12/2021
Updated: 2/1/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Package Name                     Ecosystem   Vulnerable Versions         First Patched Version
opencv-python                    pip         <= 3.4.6.27                 3.4.7.28
opencv-python                    pip         >= 4.0.0.21, <= 4.1.0.25    4.1.1.26
opencv-python-headless           pip         <= 3.4.6.27                 3.4.7.28
opencv-python-headless           pip         >= 4.0.0.21, <= 4.1.0.25    4.1.1.26
opencv-contrib-python            pip         <= 3.4.6.27                 3.4.7.28
opencv-contrib-python            pip         >= 4.0.0.21, <= 4.1.0.25    4.1.1.26
opencv-contrib-python-headless   pip         <= 3.4.6.27                 3.4.7.28
opencv-contrib-python-headless   pip         >= 4.0.0.21, <= 4.1.0.25    4.1.1.26
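The affected ranges above have four-component version numbers, so a naive string comparison (or a three-component parser) misclassifies them. The following is an added example, not Miggo's tooling, that transcribes the table into a small offline audit of pinned requirements; package names and ranges are taken from the table, everything else is the example's own.

```python
from __future__ import annotations

# Affected ranges per package, transcribed from the table above:
# (lower bound inclusive or None, upper bound inclusive, first patched version).
AFFECTED = {
    pkg: [(None, "3.4.6.27", "3.4.7.28"), ("4.0.0.21", "4.1.0.25", "4.1.1.26")]
    for pkg in (
        "opencv-python",
        "opencv-python-headless",
        "opencv-contrib-python",
        "opencv-contrib-python-headless",
    )
}

def parse_version(v: str) -> tuple[int, ...]:
    """Split a dotted numeric version such as '3.4.6.27' into a tuple of ints.
    Missing trailing components compare as zero, so 3.4.7 == 3.4.7.0."""
    parts = []
    for p in v.split("."):
        if not p.isdigit():
            raise ValueError(f"non-numeric component in version {v!r}")
        parts.append(int(p))
    return tuple(parts) + (0,) * (4 - len(parts))

def affected_by_cve_2019_14491(package: str, version: str) -> str | None:
    """Return the first patched version if (package, version) falls in an
    affected range, or None if the package is unlisted or already patched."""
    ver = parse_version(version)
    for low, high, patched in AFFECTED.get(package, []):
        if (low is None or parse_version(low) <= ver) and ver <= parse_version(high):
            return patched
    return None

def audit(requirements: list[str]) -> list[str]:
    """Audit exact 'name==version' pins; return one finding per affected entry."""
    findings = []
    for line in requirements:
        name, _, version = line.strip().partition("==")
        if not version:
            continue  # unpinned or range specifier: cannot be decided offline
        try:
            patched = affected_by_cve_2019_14491(name.strip().lower(), version.strip())
        except ValueError:
            continue  # pre-release or local version label: review by hand
        if patched:
            findings.append(f"{name}=={version}: affected, upgrade to >= {patched}")
    return findings
```

Feed `audit()` the lines of a requirements file or the output of `pip freeze`; entries without an exact `==` pin are skipped rather than guessed.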

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability is explicitly identified by function signature, cv::predictOrdered<cv::HaarEvaluator>, across multiple sources. The GitHub issue (#15125) shows a crash at line 515 of cascadedetect.hpp caused by an invalid index calculation, (leafOfs - idx), where idx can be negative. The CVE description and the ASAN report confirm that the result is an out-of-bounds read. The combination of an explicit function reference, crash analysis, and classification under CWE-125 (Out-of-bounds Read) gives high confidence in this root cause.


CVE Description

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 (OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26). There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.h
