LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2016-1516
CVE STATUS: Patched
CVE SUMMARY: OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1516

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2016-1517
CVE STATUS: Patched
CVE SUMMARY: OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1517

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-1000450
CVE STATUS: Patched
CVE SUMMARY: In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000450

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12597
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12597

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12598
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12598

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12599
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12599

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12600
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12600

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12601
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12601

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12602
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12602

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12603
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12603

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12604
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12604

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12605
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12605

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12606
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12606

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12862
CVE STATUS: Patched
CVE SUMMARY: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12862

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12863
CVE STATUS: Patched
CVE SUMMARY: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12863

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-12864
CVE STATUS: Patched
CVE SUMMARY: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12864

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-14136
CVE STATUS: Patched
CVE SUMMARY: OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14136

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-17760
CVE STATUS: Patched
CVE SUMMARY: OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17760

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2017-18009
CVE STATUS: Patched
CVE SUMMARY: In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18009

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-5268
CVE STATUS: Patched
CVE SUMMARY: In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5268

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-5269
CVE STATUS: Patched
CVE SUMMARY: In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5269

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-7712
CVE STATUS: Patched
CVE SUMMARY: The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7712

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-7713
CVE STATUS: Patched
CVE SUMMARY: The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7713

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2018-7714
CVE STATUS: Patched
CVE SUMMARY: The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7714

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-14491
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 8.2
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14491

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-14492
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14492

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-14493
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14493

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-15939
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15939

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-16249
CVE STATUS: Patched
CVE SUMMARY: OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16249

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-19624
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19624

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-5063
CVE STATUS: Patched
CVE SUMMARY: An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5063

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2019-5064
CVE STATUS: Patched
CVE SUMMARY: An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5064

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2023-2617
CVE STATUS: Patched
CVE SUMMARY: A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2617

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2023-2618
CVE STATUS: Patched
CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2618

LAYER: meta-oe
PACKAGE NAME: opencv
PACKAGE VERSION: 4.9.0
CVE: CVE-2025-53644
CVE STATUS: Patched
CVE SUMMARY: OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 6.6
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-53644