An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19624 Finding conflicting information on this. Debian and Ubuntu have a version with 3.2.0 and they think it's vulnerable, but Red Hat says 3.4.10 is not: https://bugzilla.redhat.com/show_bug.cgi?id=1780543#c11
Summary: opencv security issue CVE-2019-19624 => opencv possible new security issue CVE-2019-19624
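As an added illustration (not OpenCV's code and not part of this bug report): a simplified C++ model of the scale-range assumption described in the CVE text above. derive_scales, scale_range_valid and sum_flow_levels are hypothetical names, and the way the level count is derived from image size is constructed for the example; the point is that a small image can yield coarsest_scale below finest_scale, and that validating the range before indexing the per-level arrays turns the out-of-bounds read into a checked failure.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Added illustration, not OpenCV's code. A coarse-to-fine flow solver walks
// pyramid levels from coarsest_scale down to finest_scale and reads per-level
// arrays (Ux/Uy) at each level. CVE-2019-19624 is about that walk assuming
// coarsest >= finest, which a small image can violate.
struct ScaleRange {
    int finest;   // first (most detailed) level to process
    int coarsest; // last (least detailed) level to process
};

// Hypothetical derivation of the scale range from image size: count how many
// times the short side can be halved while still holding two patches. The
// formula is constructed for this example; the requested finest level is
// taken verbatim, mirroring the report's point that the two are not reconciled.
ScaleRange derive_scales(int width, int height, int patch_size, int finest_requested) {
    int levels = 0;
    int side = width < height ? width : height;
    while (side >= patch_size * 2) {
        side /= 2;
        ++levels;
    }
    return ScaleRange{finest_requested, levels - 1};
}

// The check the report implies is missing: every level index the loop will
// touch must lie inside [0, levels).
bool scale_range_valid(const ScaleRange& r, std::size_t levels) {
    return r.finest >= 0
        && r.coarsest >= r.finest
        && static_cast<std::size_t>(r.coarsest) < levels;
}

// Hardened coarse-to-fine pass over per-level arrays: refuses an invalid range
// instead of indexing outside Ux/Uy. Returns false (and leaves sum_out
// untouched) when the range is rejected.
bool sum_flow_levels(const std::vector<float>& Ux, const std::vector<float>& Uy,
                     const ScaleRange& r, float& sum_out) {
    if (Ux.size() != Uy.size() || !scale_range_valid(r, Ux.size()))
        return false;
    float sum = 0.0f;
    for (int i = r.coarsest; i >= r.finest; --i)
        sum += Ux[static_cast<std::size_t>(i)] + Uy[static_cast<std::size_t>(i)];
    sum_out = sum;
    return true;
}

int main() {
    // Constructed inputs: a 256x256 image yields a sane range, an 8x8 one does not.
    ScaleRange big = derive_scales(256, 256, 8, 1);
    ScaleRange small = derive_scales(8, 8, 8, 1);
    std::printf("256x256: finest=%d coarsest=%d valid=%d\n", big.finest, big.coarsest,
                scale_range_valid(big, 5) ? 1 : 0);
    std::printf("8x8:     finest=%d coarsest=%d valid=%d\n", small.finest, small.coarsest,
                scale_range_valid(small, 5) ? 1 : 0);
    return 0;
}
```

The failing case is the 8x8 input: the constructed derivation produces coarsest = -1 while finest stays at 1, so a loop running from coarsest down to finest would start at a negative index. scale_range_valid rejects it before any array access, which is the kind of check a fix for this class of bug needs regardless of the exact formula used to pick the levels.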
Opencv has no obvious maintainer, so having to assign this globally.
Assignee: bugsquad => pkg-bugs
Source RPM: opencv-3.4.5-2.1.mga7.src => opencv-3.4.5-2.1.mga7.src.rpm
From https://github.com/opencv/opencv/issues/14554, our version is not affected. I looked at the Debian "fixed" version and there are no commits/patches for this CVE.
CC: (none) => mageia
Resolution: (none) => FIXED
Status: NEW => RESOLVED
INVALID then. Debian has no fixes because they haven't attempted to fix it...
Resolution: FIXED => INVALID