{"id":"CVE-2019-19624","details":"An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.","aliases":["GHSA-jggw-2q6g-c3m6"],"modified":"2026-04-11T09:39:48.333613Z","published":"2019-12-06T15:15:10.330Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2019-19624"},{"type":"REPORT","url":"https://github.com/opencv/opencv/issues/14554"},{"type":"FIX","url":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencv/opencv","events":[{"introduced":"0"},{"fixed":"693877212d34f2d5e3bbf29287aa1db2d07d4d6d"},{"fixed":"d1615ba11a93062b1429fce9f0f638d1572d3418"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.1.1"}]}}],"versions":["2.2","3.2.0-rc","3.3.0-rc","3.4.0-rc"],"database_specific":{"vanir_signatures_modified":"2026-04-11T09:39:48Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19624.json","vanir_signatures":[{"target":{"function":"DISOpticalFlowImpl::ocl_calc","file":"modules/video/src/dis_flow.cpp"},"id":"CVE-2019-19624-0d107a39","signature_type":"Function","digest":{"function_hash":"162139554431137049292270821388345923312","length":2056},"deprecated":false,"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1"},{"target":{"file":"modules/video/test/test_OF_accuracy.cpp"},"id":"CVE-2019-19624-96afccd4","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["292434262406728731628828372549760652021","211662216980639316321159698469647860942","304814111594908040081152956091489419567"]},"deprecated":false,"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1"},{"target":{"file":"modules/video/src/dis_flow.cpp"},"id":"CVE-2019-19624-a9be7788","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["241788169997656428846655581691109904689","295014261042212085194381057829810711030","281486234171086797679885502900928839897","328542092674003222271231465336406420140","15362431844559001884177702219153463341","280100629722678420229231097710457023239","278991730339888761006996892097494869265","181863082256781215470609415054293150793","50647401497426498578065211537922309543","27580502085172621736855882366216454318","83076456701604978161207366164177336379","130223734785722942024318727136227919293","318996292682408027751279023705159956127","119572132128094897544301786694778489151","179506427962028627853688607253703072201","130669332271978750733384204798221200980","2567042413751246471380210352254762735"]},"deprecated":false,"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1"},{"target":{"function":"DISOpticalFlowImpl::calc","file":"modules/video/src/dis_flow.cpp"},"id":"CVE-2019-19624-cd2ad34c","signature_type":"Function","digest":{"function_hash":"194708317682258746355058615638866463711","length":2561},"deprecated":false,"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1"},{"target":{"file":"modules/videoio/src/backend_plugin.cpp"},"id":"CVE-2019-19624-f4b69b89","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["324810334612706110929790317977131335514","283354122908894961945064184555133515053","29337495017562247810249731437058366319","15156896965861494906414910206189503336"]},"deprecated":false,"source":"https://github.com/opencv/opencv/commit/693877212d34f2d5e3bbf29287aa1db2d07d4d6d","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}]}