CVE-2023-2617

Published: May 10, 2023

Modified: Jan 27, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.

Vendor	Product	Versions
OpenCV	wechat_qrcode Module	affected `4.0` affected `4.1` affected `4.2` affected `4.3` affected `4.4` +3 more versions

Weaknesses (CWE)

CWE-476

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://vuldb.com/?id.228547

vdb-entry

technical-description

https://vuldb.com/?ctiid.228547

signature

permissions-required

https://github.com/opencv/opencv_contrib/pull/3480

issue-tracking

patch

https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-2617

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References