CVE-2025-53644 (GCVE-0-2025-53644)
Vulnerability from cvelistv5
Published
2025-07-17 17:58
Modified
2025-08-05 18:37
CWE
  • CWE-457 - Use of Uninitialized Variable
Summary
OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
Impacted products
Vendor Product Version
opencv opencv Version: < 4.12.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53644",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T20:23:04.773825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T20:23:19.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "opencv",
          "vendor": "opencv",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457: Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-05T18:37:03.213Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/"
        },
        {
          "name": "https://github.com/opencv/opencv/issues/27271",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencv/opencv/issues/27271"
        },
        {
          "name": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466"
        },
        {
          "name": "https://github.com/opencv/opencv/releases/tag/4.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencv/opencv/releases/tag/4.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-cx4p-78p4-x7g7",
        "discovery": "UNKNOWN"
      },
      "title": "OpenCV contains a use after free buffer write due to an uninitialized pointer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53644",
    "datePublished": "2025-07-17T17:58:26.493Z",
    "dateReserved": "2025-07-07T14:20:38.391Z",
    "dateUpdated": "2025-08-05T18:37:03.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-53644\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-17T18:15:27.913\",\"lastModified\":\"2025-08-05T19:15:41.637\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.\"},{\"lang\":\"es\",\"value\":\"OpenCV es una librer\u00eda de c\u00f3digo abierto para visi\u00f3n artificial. Las versiones anteriores a la 4.12.0 tienen una variable de puntero sin inicializar en la pila que puede provocar escrituras arbitrarias en el b\u00fafer del mont\u00f3n al leer im\u00e1genes JPEG manipuladas. La versi\u00f3n 4.12.0 corrige esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-457\"}]}],\"references\":[{\"url\":\"https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/opencv/opencv/issues/27271\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/opencv/opencv/releases/tag/4.12.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53644\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-17T20:23:04.773825Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-17T20:23:15.553Z\"}}], \"cna\": {\"title\": \"OpenCV contains a use after free buffer write due to an uninitialized pointer\", \"source\": {\"advisory\": \"GHSA-cx4p-78p4-x7g7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"opencv\", \"product\": \"opencv\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.12.0\"}]}], \"references\": [{\"url\": \"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/\", \"name\": \"https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/opencv/opencv/issues/27271\", \"name\": \"https://github.com/opencv/opencv/issues/27271\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466\", \"name\": \"https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencv/opencv/releases/tag/4.12.0\", \"name\": \"https://github.com/opencv/opencv/releases/tag/4.12.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-457\", \"description\": \"CWE-457: Use of Uninitialized Variable\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-05T18:37:03.213Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-53644\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-05T18:37:03.213Z\", \"dateReserved\": \"2025-07-07T14:20:38.391Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-17T17:58:26.493Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…