Miggo Logo
Miggo Vulnerability Database
CVE-2019-16249

CVE-2019-16249: Out-of-bounds Read in OpenCV

5.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2019-16249
GHSA ID
GHSA-x3rm-644h-67m8
EPSS Score
0.38714%
CWE
CWE-125
Published
10/12/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
opencv-pythonpip<= 4.1.1.264.1.2.30
opencv-python-headlesspip<= 4.1.1.264.1.2.30
opencv-contrib-pythonpip<= 4.1.1.264.1.2.30
opencv-contrib-python-headlesspip<= 4.1.1.264.1.2.30

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the interaction between computeSSDMeanNorm and v_load:

  1. computeSSDMeanNorm uses a macro that miscalculates the I1_ptr buffer offset, passing a pointer to the last 12 bytes of a 400-byte region.
  2. v_load then attempts to read 16 bytes from this pointer, causing a 4-byte over-read.
  3. The GitHub issue stack trace and Red Hat analysis confirm this call chain. The fix in #15531 explicitly replaces v_load with v_load_expand (which reads 8 bytes) in the affected macro, addressing the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*n*V *.*.* **s *n out-o*-*oun*s r*** in **l_**s*lin*::v_lo** in *or*/**l/intrin_ss*.*pp w**n **ll** *rom *omput*SS*M**nNorm in mo*ul*s/vi**o/sr*/*is_*low.*pp.

Reasoning

T** vuln*r**ility st*ms *rom t** int*r**tion **tw**n *omput*SS*M**nNorm *n* v_lo**: *. *omput*SS*M**nNorm us*s * m**ro t**t mis**l*ul*t*s t** I*_ptr *u***r o**s*t, p*ssin* * point*r to t** l*st ** *yt*s o* * ***-*yt* r**ion. *. v_lo** t**n *tt*mpts t