Candidate: CVE-2019-19624
PublicDate: 2019-12-06 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19624
 https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418
 https://github.com/opencv/opencv/issues/14554
Description:
 An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically,
 variable coarsest_scale is assumed to be greater than or equal to
 finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp.
 However, this is not true when dealing with small images, leading to an
 out-of-bounds read of the heap-allocated arrays Ux and Uy.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L [6.5 MEDIUM]


Patches_opencv:
upstream_opencv: released (4.1.2+dfsg-3)
precise/esm_opencv: DNE
trusty_opencv: ignored (out of standard support)
trusty/esm_opencv: not-affected (code not present)
xenial_opencv: not-affected (code not present)
bionic_opencv: needed
disco_opencv: ignored (reached end-of-life)
eoan_opencv: ignored (reached end-of-life)
focal_opencv: not-affected (4.1.2+dfsg-5)
groovy_opencv: not-affected (4.1.2+dfsg-5)
hirsute_opencv: not-affected (4.1.2+dfsg-5)
impish_opencv: not-affected (4.1.2+dfsg-5)
jammy_opencv: not-affected (4.1.2+dfsg-5)
devel_opencv: not-affected (4.1.2+dfsg-5)