An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| opencv-python(PyPI) | 0 | N/A | N/A |
| opencv-python-headless(PyPI) | 0 | N/A | N/A |
| opencv-contrib-python(PyPI) | 0 | N/A | N/A |
| opencv-contrib-python-headless(PyPI) | 0 | N/A | N/A |
CVSS Metrics
