CVE-2019-19624

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19624
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19624.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-19624
Aliases
Downstream
Published
2019-12-06T15:15:10Z
Modified
2025-09-19T10:56:19.440941Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc()/oclcalc() functions in disflow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.

References

Affected packages

Git / github.com/opencv/opencv

Affected ranges

Type
GIT
Repo
https://github.com/opencv/opencv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d1615ba11a93062b1429fce9f0f638d1572d3418
Type
GIT
Repo
https://github.com/opencv/opencv_contrib
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0915b7eaddba3c06d83e201c9a7595e73801f417

Affected versions

2.*

2.2
2.4.0
2.4.1
2.4.10
2.4.10.1
2.4.10.2
2.4.10.3
2.4.10.4
2.4.11
2.4.12
2.4.12.1
2.4.12.2
2.4.12.3
2.4.13
2.4.13.1
2.4.2
2.4.3
2.4.3-rc
2.4.3.1
2.4.3.2
2.4.4
2.4.4-beta
2.4.5
2.4.6
2.4.6.1
2.4.6.2
2.4.6.2-rc1
2.4.7
2.4.7-rc1
2.4.7.1
2.4.7.2
2.4.8
2.4.8.1
2.4.8.2
2.4.8.3
2.4.9
2.4.9.1

3.*

3.0-ocl-tech-preview
3.0-ocl-tp2
3.0.0
3.0.0-alpha
3.0.0-beta
3.0.0-rc1
3.1.0
3.2.0
3.2.0-rc
3.3.0
3.3.0-cvsdk
3.3.0-rc
3.3.1
3.3.1-cvsdk
3.4.0
3.4.0-rc
3.4.1
3.4.1-cvsdk
3.4.2
3.4.2-openvino
3.4.3
3.4.3-openvino
3.4.4
3.4.5
3.4.6
3.4.7

4.*

4.0.0
4.0.0-alpha
4.0.0-beta
4.0.0-openvino
4.0.0-rc
4.0.1
4.0.1-openvino
4.1.0
4.1.0-openvino

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-19624-0d107a39",
            "signature_type": "Function",
            "target": {
                "file": "modules/video/src/dis_flow.cpp",
                "function": "DISOpticalFlowImpl::ocl_calc"
            },
            "digest": {
                "function_hash": "162139554431137049292270821388345923312",
                "length": 2056.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418"
        },
        {
            "id": "CVE-2019-19624-96afccd4",
            "signature_type": "Line",
            "target": {
                "file": "modules/video/test/test_OF_accuracy.cpp"
            },
            "digest": {
                "line_hashes": [
                    "292434262406728731628828372549760652021",
                    "211662216980639316321159698469647860942",
                    "304814111594908040081152956091489419567"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418"
        },
        {
            "id": "CVE-2019-19624-a9be7788",
            "signature_type": "Line",
            "target": {
                "file": "modules/video/src/dis_flow.cpp"
            },
            "digest": {
                "line_hashes": [
                    "241788169997656428846655581691109904689",
                    "295014261042212085194381057829810711030",
                    "281486234171086797679885502900928839897",
                    "328542092674003222271231465336406420140",
                    "15362431844559001884177702219153463341",
                    "280100629722678420229231097710457023239",
                    "278991730339888761006996892097494869265",
                    "181863082256781215470609415054293150793",
                    "50647401497426498578065211537922309543",
                    "27580502085172621736855882366216454318",
                    "83076456701604978161207366164177336379",
                    "130223734785722942024318727136227919293",
                    "318996292682408027751279023705159956127",
                    "119572132128094897544301786694778489151",
                    "179506427962028627853688607253703072201",
                    "130669332271978750733384204798221200980",
                    "2567042413751246471380210352254762735"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418"
        },
        {
            "id": "CVE-2019-19624-cd2ad34c",
            "signature_type": "Function",
            "target": {
                "file": "modules/video/src/dis_flow.cpp",
                "function": "DISOpticalFlowImpl::calc"
            },
            "digest": {
                "function_hash": "194708317682258746355058615638866463711",
                "length": 2561.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418"
        }
    ]
}