Package: opencv X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for opencv. CVE-2019-5064[0]: | An exploitable heap buffer overflow vulnerability exists in the data | structure persistence functionality of OpenCV, version 4.1.0. A | specially crafted JSON file can cause a buffer overflow, resulting in | multiple heap corruptions and potentially code execution. An attacker | can provide a specially crafted file to trigger this vulnerability. CVE-2019-5063[1]: | An exploitable heap buffer overflow vulnerability exists in the data | structure persistence functionality of OpenCV 4.1.0. A specially | crafted XML file can cause a buffer overflow, resulting in multiple | heap corruptions and potential code execution. An attacker can provide | a specially crafted file to trigger this vulnerability. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-5064 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5064 [1] https://security-tracker.debian.org/tracker/CVE-2019-5063 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5063 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature
