CVE-2023-2618

Published: May 10, 2023

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.

Vendor	Product	Versions
OpenCV	wechat_qrcode Module	affected `4.0` affected `4.1` affected `4.2` affected `4.3` affected `4.4` +3 more versions

Weaknesses (CWE)

CWE-401

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://vuldb.com/?id.228548

vdb-entry

technical-description

https://vuldb.com/?ctiid.228548

signature

permissions-required

https://github.com/opencv/opencv_contrib/pull/3484

issue-tracking

https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6

issue-tracking

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-2618

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References