{"id":"UBUNTU-CVE-2019-5064","details":"An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.","modified":"2025-07-16T07:40:08.798679Z","published":"2020-01-03T17:15:00Z","withdrawn":"2025-07-18T16:44:58Z","upstream":["CVE-2019-5064"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-5064"},{"type":"REPORT","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853"},{"type":"REPORT","url":"https://github.com/opencv/opencv/issues/15857"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-5064"}],"affected":[{"package":{"name":"opencv","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/opencv@4.2.0+dfsg-5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0+dfsg-5"}]}],"versions":["3.2.0+dfsg-6","3.2.0+dfsg-6build1","3.2.0+dfsg-6build2","4.1.2+dfsg-4ubuntu3","4.1.2+dfsg-5","4.2.0+dfsg-4"],"ecosystem_specific":{"binaries":[{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-calib3d-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-calib3d4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-calib3d4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-contrib-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-contrib4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-contrib4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-core-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-core4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-core4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-dev-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-dnn-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-dnn4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-dnn4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-features2d-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-features2d4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-features2d4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-flann-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-flann4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-flann4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-highgui-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-highgui4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-highgui4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-imgcodecs-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-imgcodecs4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-imgcodecs4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-imgproc-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-imgproc4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-imgproc4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-ml-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-ml4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-ml4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-objdetect-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-objdetect4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-objdetect4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-photo-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-photo4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-photo4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-shape-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-shape4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-shape4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-stitching-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-stitching4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-stitching4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-superres-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-superres4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-superres4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-ts-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-video-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-video4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-video4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-videoio-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-videoio4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-videoio4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-videostab-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-videostab4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-videostab4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-viz-dev"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-viz4.2"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv-viz4.2-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv4.2-java"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv4.2-jni"},{"binary_version":"4.2.0+dfsg-5","binary_name":"libopencv4.2-jni-dbgsym"},{"binary_version":"4.2.0+dfsg-5","binary_name":"opencv-data"},{"binary_version":"4.2.0+dfsg-5","binary_name":"opencv-doc"},{"binary_version":"4.2.0+dfsg-5","binary_name":"python3-opencv"},{"binary_version":"4.2.0+dfsg-5","binary_name":"python3-opencv-dbgsym"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-5064.json"}},{"package":{"name":"opencv","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/opencv@4.5.4+dfsg-9ubuntu4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.4+dfsg-9ubuntu4"}]}],"versions":["4.5.3+dfsg-1ubuntu1","4.5.4+dfsg-9ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-calib3d-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-calib3d4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-calib3d4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-contrib-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-contrib4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-contrib4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-core-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-core4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-core4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-dev-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-dnn-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-dnn4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-dnn4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-features2d-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-features2d4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-features2d4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-flann-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-flann4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-flann4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-highgui-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-highgui4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-highgui4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-imgcodecs-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-imgcodecs4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-imgcodecs4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-imgproc-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-imgproc4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-imgproc4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-ml-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-ml4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-ml4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-objdetect-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-objdetect4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-objdetect4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-photo-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-photo4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-photo4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-shape-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-shape4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-shape4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-stitching-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-stitching4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-stitching4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-superres-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-superres4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-superres4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-video-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-video4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-video4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-videoio-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-videoio4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-videoio4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-videostab-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-videostab4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-videostab4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-viz-dev"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-viz4.5d"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv-viz4.5d-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv4.5-java"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv4.5d-jni"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"libopencv4.5d-jni-dbgsym"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"opencv-data"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"opencv-doc"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"python3-opencv"},{"binary_version":"4.5.4+dfsg-9ubuntu4","binary_name":"python3-opencv-dbgsym"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-5064.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}