1. Ubuntu Security Notices
  2. USN-4818-1

USN-4818-1: OpenCV vulnerabilities

Publication date

28 September 2022

Overview

Several security issues were fixed in OpenCV.

Releases

Packages

  • opencv - computer vision library

Details

It was discovered that OpenCV did not properly manage certain
objects, leading to a divide-by-zero. If a user were tricked into
loading a specially crafted file, a remote attacker could potentially use
this issue to cause a denial of service or possibly execute arbitrary
code. (CVE-2019-15939)

It was discovered that OpenCV did not properly manage certain files,
leading to an out of bounds read. If a user were tricked into loading
a specially crafted file, a remote attacker could potentially use this
issue to make OpenCV crash, resulting in a denial of service. This issue
was only fixed in Ubuntu 18.04 ESM. (CVE-2019-14491, CVE-2019-14492)

It was discovered that OpenCV did not properly manage certain XML data,
leading to a NULL pointer dereference. If a user were tricked into
loading a specially crafted file, a...

It was discovered that OpenCV did not properly manage certain
objects, leading to a divide-by-zero. If a user were tricked into
loading a specially crafted file, a remote attacker could potentially use
this issue to cause a denial of service or possibly execute arbitrary
code. (CVE-2019-15939)

It was discovered that OpenCV did not properly manage certain files,
leading to an out of bounds read. If a user were tricked into loading
a specially crafted file, a remote attacker could potentially use this
issue to make OpenCV crash, resulting in a denial of service. This issue
was only fixed in Ubuntu 18.04 ESM. (CVE-2019-14491, CVE-2019-14492)

It was discovered that OpenCV did not properly manage certain XML data,
leading to a NULL pointer dereference. If a user were tricked into
loading a specially crafted file, a remote attacker could potentially use
this issue to make OpenCV crash, resulting in a denial of service. This
issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2019-14493)

It was discovered that OpenCV did not properly manage certain files,
leading to a heap-based buffer overflow. If a user were tricked into
loading a specially crafted file, a remote attacker could potentially use
this issue to cause a denial of service or possibly execute arbitrary code.
This issue only affected Ubuntu 18.04 ESM. (CVE-2017-18009)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic libopencv-imgcodecs3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-video3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-flann3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-stitching3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-imgproc3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-videoio3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-viz3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-photo3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv3.2-jni –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-superres3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-objdetect3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-ml3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-dev –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-calib3d3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-shape3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-highgui3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-features2d3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-core3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-contrib3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
libopencv-videostab3.2 –  3.2.0+dfsg-4ubuntu0.1+esm3  
16.04 xenial libopencv-ml2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-contrib2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-flann2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-highgui2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-ocl2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-photo2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-objdetect2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-superres2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-video2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-features2d2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-videostab2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-ts2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-legacy2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-gpu2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-core2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv2.4-jni –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-imgproc2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-stitching2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
libopencv-calib3d2.4v5 –  2.4.9.1+dfsg-1.5ubuntu1.1+esm1  
14.04 trusty libopencv-superres2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-ts2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-video2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-flann2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-gpu2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-imgproc2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-stitching2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-objdetect2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-ml2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv2.4-jni –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-calib3d2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-contrib2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-highgui2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-photo2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-features2d2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-legacy2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-core2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-ocl2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  
libopencv-videostab2.4 –  2.4.8+dfsg1-2ubuntu1.2+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›