Base Score

HIGH7.8

CVE-2019-9423

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616

VectorLOCAL

Published Bysecurity@android.com

Published DateSep 27, 2019, 19:15

Affected Versions(4)

opencv-python(PyPI)

Introduced0

FixedN/A

LimitN/A

opencv-python-headless(PyPI)

Introduced0

FixedN/A

LimitN/A

opencv-contrib-python(PyPI)

Introduced0

FixedN/A

LimitN/A

opencv-contrib-python-headless(PyPI)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Fixed	Limit
opencv-python(PyPI)	N/A	N/A
opencv-python-headless(PyPI)	N/A	N/A
opencv-contrib-python(PyPI)	N/A	N/A
opencv-contrib-python-headless(PyPI)	N/A	N/A

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH7.8

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH