CVE-2019-5063

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852	Exploit Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opencv:opencv:4.1.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:big_data_spatial_and_graph::::::::
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*

History

No history.

Information

Published : 2020-01-03 17:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-5063

Mitre link : CVE-2019-5063

CVE.ORG link : CVE-2019-5063

JSON object : View

Products Affected

oracle

application_testing_suite
enterprise_manager_base_platform
big_data_spatial_and_graph

opencv

opencv

CWE

CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2019-5063", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-01-03T17:15:12.210", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer de la pila en la funcionalidad de persistencia de la estructura de datos de OpenCV versi\u00f3n 4.1.0. Un archivo XML especialmente dise\u00f1ado puede causar un desbordamiento de b\u00fafer, resultando en m\u00faltiples corrupciones de la pila y potencialmente una ejecuci\u00f3n de c\u00f3digo. Un atacante puede proporcionar un archivo especialmente dise\u00f1ado para activar esta vulnerabilidad."}], "lastModified": "2022-06-17T13:15:50.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opencv:opencv:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EACD8D51-2E03-4527-9185-1AF227476DA1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"}, {"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65BF66DA-D1EF-4BF3-81F5-C36C29C63710", "versionEndExcluding": "2.0"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}