What is the severity of USN-4818-1?

The severity of USN-4818-1 is considered high due to its potential for denial of service and possible arbitrary code execution.

How do I fix USN-4818-1?

To fix USN-4818-1, upgrade the affected packages to version 3.2.0+dfsg-4ubuntu0.1+esm3 or later.

Which packages are affected by USN-4818-1?

The affected packages include libopencv-imgcodecs3.2, libopencv-video3.2, libopencv-flann3.2, and others within the OpenCV suite on Ubuntu 18.04.

Can USN-4818-1 affect the security of my system?

Yes, USN-4818-1 can potentially lead to a denial of service or arbitrary code execution, compromising system security.

Is there a workaround for USN-4818-1 until I can apply a patch?

There is no officially recommended workaround for USN-4818-1; applying the security patch is the best course of action.

Vulnerability/
USN-4818-1

CWE

119 476

28/9/2022

USN-4818-1: OpenCV vulnerabilities

First published: Wed Sep 28 2022(Updated: )

It was discovered that OpenCV did not properly manage certain objects, leading to a divide-by-zero. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15939) It was discovered that OpenCV did not properly manage certain files, leading to an out of bounds read. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 18.04 ESM. (CVE-2019-14491, CVE-2019-14492) It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-14493) It was discovered that OpenCV did not properly manage certain files, leading to a heap-based buffer overflow. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2017-18009)

Affected Software	Affected Version	How to fix
All of
ubuntu/libopencv-imgcodecs3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-video3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-flann3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-stitching3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-imgproc3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-videoio3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-viz3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-photo3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv3.2-jni	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-superres3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-objdetect3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-ml3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-dev	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-calib3d3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-shape3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-highgui3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-features2d3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-core3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-contrib3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-videostab3.2	<3.2.0+dfsg-4ubuntu0.1+esm3	3.2.0+dfsg-4ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libopencv-ml2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-contrib2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-flann2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-highgui2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-ocl2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-photo2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-objdetect2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-superres2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-video2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-features2d2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-videostab2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-ts2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-legacy2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-gpu2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-core2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv2.4-jni	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-imgproc2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-stitching2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-calib3d2.4v5	<2.4.9.1+dfsg-1.5ubuntu1.1+esm1	2.4.9.1+dfsg-1.5ubuntu1.1+esm1
Ubuntu	=16.04
All of
ubuntu/libopencv-superres2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-ts2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-video2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-flann2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-gpu2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-imgproc2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-stitching2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-objdetect2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-ml2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv2.4-jni	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-calib3d2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-contrib2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-highgui2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-photo2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-features2d2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-legacy2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-core2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-ocl2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04
All of
ubuntu/libopencv-videostab2.4	<2.4.8+dfsg1-2ubuntu1.2+esm1	2.4.8+dfsg1-2ubuntu1.2+esm1
Ubuntu	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-4818-1?
The severity of USN-4818-1 is considered high due to its potential for denial of service and possible arbitrary code execution.
How do I fix USN-4818-1?
To fix USN-4818-1, upgrade the affected packages to version 3.2.0+dfsg-4ubuntu0.1+esm3 or later.
Which packages are affected by USN-4818-1?
The affected packages include libopencv-imgcodecs3.2, libopencv-video3.2, libopencv-flann3.2, and others within the OpenCV suite on Ubuntu 18.04.
Can USN-4818-1 affect the security of my system?
Yes, USN-4818-1 can potentially lead to a denial of service or arbitrary code execution, compromising system security.
Is there a workaround for USN-4818-1 until I can apply a patch?
There is no officially recommended workaround for USN-4818-1; applying the security patch is the best course of action.

agent/source
agent/title
agent/last-modified-date
agent/type
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/references
agent/tags
agent/softwarecombine
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu linux
version/ubuntu linux/18.04
version/ubuntu linux/16.04
version/ubuntu linux/14.04

USN-4818-1: OpenCV vulnerabilities

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

Frequently Asked Questions

What is the severity of USN-4818-1?

How do I fix USN-4818-1?

Which packages are affected by USN-4818-1?

Can USN-4818-1 affect the security of my system?

Is there a workaround for USN-4818-1 until I can apply a patch?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of USN-4818-1?

How do I fix USN-4818-1?

Which packages are affected by USN-4818-1?

Can USN-4818-1 affect the security of my system?

Is there a workaround for USN-4818-1 until I can apply a patch?