An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| opencv-python(PyPI) | 0 | 4.2.0.32 | N/A |
| opencv-python-headless(PyPI) | 0 | 4.2.0.32 | N/A |
| opencv-contrib-python(PyPI) | 0 | 4.2.0.32 | N/A |
| opencv-contrib-python-headless(PyPI) | 0 | 4.2.0.32 | N/A |
CVSS Metrics
