Vulnerability Description
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opencv | Opencv | 4.1.0 |
| Oracle | Application Testing Suite | 13.3.0.1 |
| Oracle | Big Data Spatial And Graph | < 2.0 |
| Oracle | Enterprise Manager Base Platform | 13.4.0.0 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852 (Exploit, Third Party Advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuApr2021.html (Patch, Third Party Advisory)
FAQ
What is CVE-2019-5063?
CVE-2019-5063 is a vulnerability with a CVSS score of 8.8 (HIGH). An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
How severe is CVE-2019-5063?
CVE-2019-5063 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5063?
Check the references section above for vendor advisories and patch information. Affected products include: Opencv Opencv, Oracle Application Testing Suite, Oracle Big Data Spatial And Graph, Oracle Enterprise Manager Base Platform.