9.8

CVE-2025-53644

Exploit

OpenCV contains a use after free buffer write due to an uninitialized pointer

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpencvOpencv Version >= 4.10.0 < 4.12.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.287
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 6.6 0 0
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
Third Party Advisory
Exploit
https://github.com/opencv/opencv/issues/27271
Issue Tracking
https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466
Patch
https://github.com/opencv/opencv/releases/tag/4.12.0
Release Notes