CVE-2025-53644 (GCVE-0-2025-53644)
Vulnerability from cvelistv5 – Published: 2025-07-17 17:58 – Updated: 2025-09-26 21:56
VLAI?
Title
OpenCV contains a use after free buffer write due to an uninitialized pointer
Summary
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
Severity ?
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:23:04.773825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:23:19.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencv",
"vendor": "opencv",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.10.0, \u003c 4.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T21:56:54.102Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/"
},
{
"name": "https://github.com/opencv/opencv/issues/27271",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencv/opencv/issues/27271"
},
{
"name": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466"
},
{
"name": "https://github.com/opencv/opencv/releases/tag/4.12.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencv/opencv/releases/tag/4.12.0"
}
],
"source": {
"advisory": "GHSA-cx4p-78p4-x7g7",
"discovery": "UNKNOWN"
},
"title": "OpenCV contains a use after free buffer write due to an uninitialized pointer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53644",
"datePublished": "2025-07-17T17:58:26.493Z",
"dateReserved": "2025-07-07T14:20:38.391Z",
"dateUpdated": "2025-09-26T21:56:54.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53644\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-17T20:23:04.773825Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-17T20:23:15.553Z\"}}], \"cna\": {\"title\": \"OpenCV contains a use after free buffer write due to an uninitialized pointer\", \"source\": {\"advisory\": \"GHSA-cx4p-78p4-x7g7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"opencv\", \"product\": \"opencv\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.10.0, \u003c 4.12.0\"}]}], \"references\": [{\"url\": \"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/\", \"name\": \"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/opencv/opencv/issues/27271\", \"name\": \"https://github.com/opencv/opencv/issues/27271\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466\", \"name\": \"https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencv/opencv/releases/tag/4.12.0\", \"name\": \"https://github.com/opencv/opencv/releases/tag/4.12.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-457\", \"description\": \"CWE-457: Use of Uninitialized Variable\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-26T21:56:54.102Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-53644\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-26T21:56:54.102Z\", \"dateReserved\": \"2025-07-07T14:20:38.391Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-17T17:58:26.493Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…