{"id":"CVE-2019-5064","details":"An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.","aliases":["GHSA-q799-q27x-vp7w"],"modified":"2026-04-11T09:46:15.634956Z","published":"2020-01-03T17:15:12.257Z","references":[{"type":"ADVISORY","url":"https://github.com/opencv/opencv/issues/15857"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencv/opencv","events":[{"introduced":"e6d9486a6cb3379a0eeb59bd405bea3125ea364d"},{"fixed":"4de7015cfd9462cea82eac35007e541d84e23a27"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.2.0"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-11T09:46:15Z","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/opencv/opencv/commit/4de7015cfd9462cea82eac35007e541d84e23a27","target":{"file":"modules/dnn/src/op_inf_engine.cpp","function":"getCore"},"deprecated":false,"signature_type":"Function","digest":{"length":56,"function_hash":"42391463951113352527122832114488237590"},"id":"CVE-2019-5064-3d0f94f7"},{"signature_version":"v1","source":"https://github.com/opencv/opencv/commit/4de7015cfd9462cea82eac35007e541d84e23a27","target":{"file":"modules/dnn/src/op_inf_engine.cpp"},"deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["317101903585342046209676890270866796176","4899819219694852016431700102245338623","145431787435142965762058253718854780324","327709608047084872203543569286410968244","150284813203258107715379774141947886599","8203734128214708468098549216124558848","6684646567636119877889396109033940069","82837593067641140679090056088734863650"]},"id":"CVE-2019-5064-cde920ea"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"13.3.0.1"}]},{"events":[{"introduced":"0"},{"fixed":"2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"13.4.0.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5064.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}