7.5

CVE-2023-2618

OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpencvOpencv Version >= 4.5.2 < 4.8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.3% 0.668
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://github.com/opencv/opencv_contrib/pull/3484
Patch
https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6
Patch
https://vuldb.com/?ctiid.228548
Permissions Required
https://vuldb.com/?id.228548
Third Party Advisory