CVE-2025-53644 — Use of Uninitialized Variable in Opencv

CWE-457 — Use of Uninitialized Variable6 documents5 sources

Severity

6.6MEDIUMNVD

EPSS

0.1%

top 72.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opencv

Timeline

PublishedJul 17

Description

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDopencv/opencv4.10.0 — 4.12.0

▶Debianopencv/opencv< 3.2.0+dfsg-1+3

▶CVEListV5opencv/opencv>= 4.10.0, < 4.12.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

OpenCV contains a use after free buffer write due to an uninitialized pointer↗2025-07-17

▶

OSV

CVE-2025-53644: OpenCV is an Open Source Computer Vision Library↗2025-07-17

▶

OSV

CVE-2025-53644: OpenCV is an Open Source Computer Vision Library↗2025-07-17

▶

📋Vendor Advisories

Red Hat

opencv: OpenCV use after free↗2025-07-17

▶

Debian

CVE-2025-53644: opencv - OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 hav...↗2025

▶