CVE-2019-19624
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-19624
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19624.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-19624
- Aliases
- Downstream
- Published
- 2019-12-06T15:15:10.330Z
- Modified
- 2025-11-21T22:57:57.897413Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc()/oclcalc() functions in disflow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
- References
Affected packages
Git / github.com/opencv/opencv
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opencv/opencv
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.2
2.4.0
2.4.1
2.4.10
2.4.10.1
2.4.10.2
2.4.10.3
2.4.10.4
2.4.11
2.4.12
2.4.12.1
2.4.12.2
2.4.12.3
2.4.13
2.4.13.1
2.4.2
2.4.3
2.4.3-rc
2.4.3.1
2.4.3.2
2.4.4
2.4.4-beta
2.4.5
2.4.6
2.4.6.1
2.4.6.2
2.4.6.2-rc1
2.4.7
2.4.7-rc1
2.4.7.1
2.4.7.2
2.4.8
2.4.8.1
2.4.8.2
2.4.8.3
2.4.9
2.4.9.1
3.*
3.0-ocl-tech-preview
3.0-ocl-tp2
3.0.0
3.0.0-alpha
3.0.0-beta
3.0.0-rc1
3.1.0
3.2.0
3.2.0-rc
3.3.0
3.3.0-cvsdk
3.3.0-rc
3.3.1
3.3.1-cvsdk
3.4.0
3.4.0-rc
3.4.1
3.4.1-cvsdk
3.4.2
3.4.2-openvino
3.4.3
3.4.3-openvino
3.4.4
3.4.5
3.4.6
4.*
4.0.0
4.0.0-alpha
4.0.0-beta
4.0.0-openvino
4.0.0-rc
4.0.1
4.0.1-openvino
4.1.0
4.1.0-openvino
Database specific
vanir_signatures
[
{
"source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418",
"id": "CVE-2019-19624-0d107a39",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "modules/video/src/dis_flow.cpp",
"function": "DISOpticalFlowImpl::ocl_calc"
},
"digest": {
"function_hash": "162139554431137049292270821388345923312",
"length": 2056.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418",
"id": "CVE-2019-19624-96afccd4",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "modules/video/test/test_OF_accuracy.cpp"
},
"digest": {
"line_hashes": [
"292434262406728731628828372549760652021",
"211662216980639316321159698469647860942",
"304814111594908040081152956091489419567"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418",
"id": "CVE-2019-19624-a9be7788",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "modules/video/src/dis_flow.cpp"
},
"digest": {
"line_hashes": [
"241788169997656428846655581691109904689",
"295014261042212085194381057829810711030",
"281486234171086797679885502900928839897",
"328542092674003222271231465336406420140",
"15362431844559001884177702219153463341",
"280100629722678420229231097710457023239",
"278991730339888761006996892097494869265",
"181863082256781215470609415054293150793",
"50647401497426498578065211537922309543",
"27580502085172621736855882366216454318",
"83076456701604978161207366164177336379",
"130223734785722942024318727136227919293",
"318996292682408027751279023705159956127",
"119572132128094897544301786694778489151",
"179506427962028627853688607253703072201",
"130669332271978750733384204798221200980",
"2567042413751246471380210352254762735"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418",
"id": "CVE-2019-19624-cd2ad34c",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "modules/video/src/dis_flow.cpp",
"function": "DISOpticalFlowImpl::calc"
},
"digest": {
"function_hash": "194708317682258746355058615638866463711",
"length": 2561.0
},
"signature_type": "Function"
}
]