CVE-2023-2618

Published: May 10, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.

Affected (1)

Products: Opencv: Opencv

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opencv Opencv	From 4.5.2 to 4.8.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (8)

https://github.com/opencv/opencv_contrib/pull/3484

Source: cna@vuldb.com

Patch

https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6

Source: cna@vuldb.com

Patch

https://vuldb.com/?ctiid.228548

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.228548

Source: cna@vuldb.com

Third Party Advisory

https://github.com/opencv/opencv_contrib/pull/3484

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://vuldb.com/?ctiid.228548

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?id.228548

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.