CVE-2019-14491:
Out-of-bounds Read in OpenCV
8.2
CVSS ScoreBasic Information
CVE ID
GHSA ID
EPSS Score
-
CWE
Published
10/12/2021
Updated
2/1/2023
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
opencv-python | pip | <= 3.4.6.27 | 3.4.7.28 |
opencv-python | pip | >= 4.0.0.21, <= 4.1.0.25 | 4.1.1.26 |
opencv-python-headless | pip | <= 3.4.6.27 | 3.4.7.28 |
opencv-python-headless | pip | >= 4.0.0.21, <= 4.1.0.25 | 4.1.1.26 |
opencv-contrib-python | pip | <= 3.4.6.27 | 3.4.7.28 |
opencv-contrib-python | pip | >= 4.0.0.21, <= 4.1.0.25 | 4.1.1.26 |
opencv-contrib-python-headless | pip | <= 3.4.6.27 | 3.4.7.28 |
opencv-contrib-python-headless | pip | >= 4.0.0.21, <= 4.1.0.25 | 4.1.1.26 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability is explicitly identified in the function signature cv::predictOrderedcv::HaarEvaluator across multiple sources. The GitHub issue (#15125) shows a crash at line 515 of cascadedetect.hpp with an invalid index calculation (leafOfs - idx) where idx can be negative. The CVE description and ASAN report confirm this as an out-of-bounds read. The combination of explicit function references, crash analysis, and vulnerability classification against CWE-125 establishes high confidence.