Vulnerabilites related to OpenCV - wechat_qrcode Module
cve-2023-2617
Vulnerability from cvelistv5
Published
2023-05-10 05:31
Modified
2025-01-27 18:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS score ?
Summary
A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.228547 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.228547 | signature, permissions-required | |
| https://github.com/opencv/opencv_contrib/pull/3480 | issue-tracking, patch | |
| https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270 | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenCV | wechat_qrcode Module |
Version: 4.0 Version: 4.1 Version: 4.2 Version: 4.3 Version: 4.4 Version: 4.5 Version: 4.6 Version: 4.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:26:09.731Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.228547", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.228547", }, { tags: [ "issue-tracking", "patch", "x_transferred", ], url: "https://github.com/opencv/opencv_contrib/pull/3480", }, { tags: [ "exploit", "x_transferred", ], url: "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-2617", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T18:37:27.552107Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-27T18:37:31.782Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/opencv/opencv_contrib/pull/3480", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "wechat_qrcode Module", vendor: "OpenCV", versions: [ { status: "affected", version: "4.0", }, { status: "affected", version: "4.1", }, { status: "affected", version: "4.2", }, { status: "affected", version: "4.3", }, { status: "affected", version: "4.4", }, { status: "affected", version: "4.5", }, { status: "affected", version: "4.6", }, { status: "affected", version: "4.7", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Haoyu Chen", }, { lang: "en", type: "finder", value: "Linkai Zheng", }, { lang: "en", type: "finder", value: "Liangyu Zhang", }, { lang: "en", type: "analyst", value: "NanoApe (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.", }, { lang: "de", value: "In OpenCV wechat_qrcode Module bis 4.7.0 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion DecodedBitStreamParser::decodeByteSegment der Datei qrcode/decoder/decoded_bit_stream_parser.cpp. Dank der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 5, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-23T05:33:19.516Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.228547", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.228547", }, { tags: [ "issue-tracking", "patch", ], url: "https://github.com/opencv/opencv_contrib/pull/3480", }, { tags: [ "exploit", ], url: "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270", }, ], timeline: [ { lang: "en", time: "2023-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2023-05-10T00:00:00.000Z", value: "CVE reserved", }, { lang: "en", time: "2023-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2023-06-02T07:45:57.000Z", value: "VulDB entry last update", }, ], title: "OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2023-2617", datePublished: "2023-05-10T05:31:03.420Z", dateReserved: "2023-05-10T05:06:27.204Z", dateUpdated: "2025-01-27T18:37:31.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2618
Vulnerability from cvelistv5
Published
2023-05-10 05:31
Modified
2024-08-02 06:26
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.228548 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.228548 | signature, permissions-required | |
| https://github.com/opencv/opencv_contrib/pull/3484 | issue-tracking | |
| https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 | issue-tracking, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenCV | wechat_qrcode Module |
Version: 4.0 Version: 4.1 Version: 4.2 Version: 4.3 Version: 4.4 Version: 4.5 Version: 4.6 Version: 4.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:26:10.033Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.228548", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.228548", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/opencv/opencv_contrib/pull/3484", }, { tags: [ "issue-tracking", "patch", "x_transferred", ], url: "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "wechat_qrcode Module", vendor: "OpenCV", versions: [ { status: "affected", version: "4.0", }, { status: "affected", version: "4.1", }, { status: "affected", version: "4.2", }, { status: "affected", version: "4.3", }, { status: "affected", version: "4.4", }, { status: "affected", version: "4.5", }, { status: "affected", version: "4.6", }, { status: "affected", version: "4.7", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Linkai Zheng", }, { lang: "en", type: "analyst", value: "NanoApe (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in OpenCV wechat_qrcode Module bis 4.7.0 entdeckt. Betroffen davon ist die Funktion DecodedBitStreamParser::decodeHanziSegment der Datei qrcode/decoder/decoded_bit_stream_parser.cpp. Dank Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Patch wird als 2b62ff6181163eea029ed1cab11363b4996e9cd6 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 5, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401 Memory Leak", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-23T05:34:32.672Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.228548", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.228548", }, { tags: [ "issue-tracking", ], url: "https://github.com/opencv/opencv_contrib/pull/3484", }, { tags: [ "issue-tracking", "patch", ], url: "https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6", }, ], timeline: [ { lang: "en", time: "2023-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2023-05-10T00:00:00.000Z", value: "CVE reserved", }, { lang: "en", time: "2023-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2023-06-02T07:57:43.000Z", value: "VulDB entry last update", }, ], title: "OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2023-2618", datePublished: "2023-05-10T05:31:04.406Z", dateReserved: "2023-05-10T05:06:29.634Z", dateUpdated: "2024-08-02T06:26:10.033Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }