Bug 1150462 - (CVE-2019-16249) VUL-1: CVE-2019-16249: opencv: out-of-bounds read in hal_baseline:v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Priority: P4 - Low
Severity: Normal
Assigned To: Stefan Brüns
https://smash.suse.de/issue/242324/
CVSSv3:SUSE:CVE-2019-16249:4.4:(AV:L...
Reported: 2019-09-12 07:44 UTC by Alexandros Toptsoglou
Modified: 2021-01-10 19:03 UTC
Found By: Security Response Team
Description Alexandros Toptsoglou 2019-09-12 07:44:09 UTC
CVE-2019-16249

OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in
core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in
modules/video/src/dis_flow.cpp.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16249
http://www.cvedetails.com/cve/CVE-2019-16249/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16249
https://github.com/opencv/opencv/issues/15481
Comment 1 Alexandros Toptsoglou 2019-09-12 07:46:14 UTC
I cannot judge whether our version is affected. I did not find any PoC or any fix yet.
Comment 2 Alexandros Toptsoglou 2019-09-18 11:59:56 UTC
It seems that this issue does not affect SLE-15. The fix can be found at [1]. Version 4.1.2 will ship the fix. 
Only TW is affected.

[1] https://github.com/opencv/opencv/pull/15531/commits/cd7fa04985b10db5e66de542725d0da57f0d10b6
Comment 3 Stefan Brüns 2021-01-10 19:03:43 UTC
TW has openCV 4.5.1