CVE-2019-5063Classic Buffer Overflow in Oracle BIG Data Spatial AND Graph

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow9 documents7 sources
Severity
8.8HIGHNVD
EPSS
5.5%
top 9.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
OpencvOracle BIG Data Spatial AND GraphOracle Application Testing Suite+1 more
Timeline
PublishedJan 3
Latest updateOct 12

Description

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

Debianopencv/opencv< 4.2.0+dfsg-3+3
CVEListV5opencv/opencvOpenCV 4.1.0
NVDopencv/opencv4.1.0

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
OSV
Out-of-bounds Write in OpenCV2021-10-12
GHSA
Out-of-bounds Write in OpenCV2021-10-12
CVEList
CVE-2019-5063: An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 42020-01-03
OSV
CVE-2019-5063: An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 42020-01-03

📋Vendor Advisories

2
Red Hat
opencv: Heap buffer overflow in persistence_xml.cpp while parsing crafted XML file2020-01-02
Debian
CVE-2019-5063: opencv - An exploitable heap buffer overflow vulnerability exists in the data structure p...2019

💬Community

2
Bugzilla
CVE-2019-5063 opencv: Heap buffer overflow in persistence_xml.cpp while parsing crafted XML file2020-01-11
Bugzilla
CVE-2019-5063 opencv: Heap buffer overflow in persistence_xml.cpp while parsing crafted XML file [fedora-all]2020-01-11
CVE-2019-5063 — Classic Buffer Overflow in Oracle | cvebase