Search criteria
3 vulnerabilities by OpenCV
CVE-2025-53644 (GCVE-0-2025-53644)
Vulnerability from cvelistv5 – Published: 2025-07-17 17:58 – Updated: 2025-09-26 21:56
VLAI?
Title
OpenCV contains a use after free buffer write due to an uninitialized pointer
Summary
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
Severity ?
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:23:04.773825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:23:19.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencv",
"vendor": "opencv",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.10.0, \u003c 4.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T21:56:54.102Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/"
},
{
"name": "https://github.com/opencv/opencv/issues/27271",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencv/opencv/issues/27271"
},
{
"name": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466"
},
{
"name": "https://github.com/opencv/opencv/releases/tag/4.12.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencv/opencv/releases/tag/4.12.0"
}
],
"source": {
"advisory": "GHSA-cx4p-78p4-x7g7",
"discovery": "UNKNOWN"
},
"title": "OpenCV contains a use after free buffer write due to an uninitialized pointer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53644",
"datePublished": "2025-07-17T17:58:26.493Z",
"dateReserved": "2025-07-07T14:20:38.391Z",
"dateUpdated": "2025-09-26T21:56:54.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2618 (GCVE-0-2023-2618)
Vulnerability from cvelistv5 – Published: 2023-05-10 05:31 – Updated: 2024-08-02 06:26
VLAI?
Title
OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak
Summary
A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-401 - Memory Leak
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenCV | wechat_qrcode Module |
Affected:
4.0
Affected: 4.1 Affected: 4.2 Affected: 4.3 Affected: 4.4 Affected: 4.5 Affected: 4.6 Affected: 4.7 |
Credits
Linkai Zheng
NanoApe (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:10.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.228548"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.228548"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/opencv/opencv_contrib/pull/3484"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wechat_qrcode Module",
"vendor": "OpenCV",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Linkai Zheng"
},
{
"lang": "en",
"type": "analyst",
"value": "NanoApe (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in OpenCV wechat_qrcode Module bis 4.7.0 entdeckt. Betroffen davon ist die Funktion DecodedBitStreamParser::decodeHanziSegment der Datei qrcode/decoder/decoded_bit_stream_parser.cpp. Dank Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 2b62ff6181163eea029ed1cab11363b4996e9cd6 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Memory Leak",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T05:34:32.672Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.228548"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.228548"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/opencv/opencv_contrib/pull/3484"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-10T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-02T07:57:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2618",
"datePublished": "2023-05-10T05:31:04.406Z",
"dateReserved": "2023-05-10T05:06:29.634Z",
"dateUpdated": "2024-08-02T06:26:10.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2617 (GCVE-0-2023-2617)
Vulnerability from cvelistv5 – Published: 2023-05-10 05:31 – Updated: 2025-01-27 18:37
VLAI?
Title
OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference
Summary
A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenCV | wechat_qrcode Module |
Affected:
4.0
Affected: 4.1 Affected: 4.2 Affected: 4.3 Affected: 4.4 Affected: 4.5 Affected: 4.6 Affected: 4.7 |
Credits
Haoyu Chen
Linkai Zheng
Liangyu Zhang
NanoApe (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.228547"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.228547"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/opencv/opencv_contrib/pull/3480"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2617",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:37:27.552107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:37:31.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/opencv/opencv_contrib/pull/3480"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wechat_qrcode Module",
"vendor": "OpenCV",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Haoyu Chen"
},
{
"lang": "en",
"type": "finder",
"value": "Linkai Zheng"
},
{
"lang": "en",
"type": "finder",
"value": "Liangyu Zhang"
},
{
"lang": "en",
"type": "analyst",
"value": "NanoApe (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547."
},
{
"lang": "de",
"value": "In OpenCV wechat_qrcode Module bis 4.7.0 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion DecodedBitStreamParser::decodeByteSegment der Datei qrcode/decoder/decoded_bit_stream_parser.cpp. Dank der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T05:33:19.516Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.228547"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.228547"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/opencv/opencv_contrib/pull/3480"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-10T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-02T07:45:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2617",
"datePublished": "2023-05-10T05:31:03.420Z",
"dateReserved": "2023-05-10T05:06:27.204Z",
"dateUpdated": "2025-01-27T18:37:31.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}