7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-14492

GHSA ID

GHSA-fw99-f933-rgh8

EPSS Score

0.67017%

CWE

CWE-125

Published

10/12/2021

Updated

2/1/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-14492

CVE-2019-14492:
Out-of-bounds Read and Out-of-bounds Write in OpenCV

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 (OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26). There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-14492

GHSA ID

GHSA-fw99-f933-rgh8

EPSS Score

0.67017%

CWE

CWE-125

Published

10/12/2021

Updated

2/1/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
opencv-python	pip	<= 3.4.6.27	3.4.7.28
opencv-python	pip	>= 4.0.0.21, <= 4.1.0.25	4.1.1.26
opencv-python-headless	pip	<= 3.4.6.27	3.4.7.28
opencv-python-headless	pip	>= 4.0.0.21, <= 4.1.0.25	4.1.1.26
opencv-contrib-python	pip	<= 3.4.6.27	3.4.7.28
opencv-contrib-python	pip	>= 4.0.0.21, <= 4.1.0.25	4.1.1.26
opencv-contrib-python-headless	pip	<= 3.4.6.27	3.4.7.28
opencv-contrib-python-headless	pip	>= 4.0.0.21, <= 4.1.0.25	4.1.1.26

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The CVE description explicitly names HaarEvaluator::OptFeature::calc as the vulnerable function.
The GitHub issue #15124 provides a code snippet showing the function implementation with CALC_SUM_OFS macro usage and a crash trace.
The OpenSUSE security announcement directly references this function in CVE-2019-14492 context.
All sources consistently point to cascadedetect.hpp as the vulnerable file location.
The combination of OOB read/write CWEs aligns with the macro-based pointer arithmetic shown in the code snippet.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in Op*n*V ***or* *.*.* *n* *.x ***or* *.*.* (Op*n*V-Pyt*on ***or* *.*.*.** *n* *.x ***or* *.*.*.**). T**r* is *n out o* *oun*s r***/writ* in t** *un*tion ***r*v*lu*tor::Opt***tur*::**l* in mo*ul*s/o*j**t**t/sr*/**s******t**t.*

Reasoning

*. T** *V* **s*ription *xpli*itly n*m*s ***r*v*lu*tor::Opt***tur*::**l* *s t** vuln*r**l* *un*tion. *. T** *it*u* issu* #***** provi**s * *o** snipp*t s*owin* t** *un*tion impl*m*nt*tion wit* **L*_SUM_O*S m**ro us*** *n* * *r*s* tr***. *. T** Op*nSUS

7.5

Basic Information

Concerned about an active attack path?

CVE-2019-14492: Out-of-bounds Read and Out-of-bounds Write in OpenCV

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2019-14492:
Out-of-bounds Read and Out-of-bounds Write in OpenCV

Vulnerability Intelligence
Miggo AI