CVE-2025-53644

Name: CVE-2025-53644
Description: OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on the stack that may lead to an arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
NVD Severity: unknown
Other trackers: none listed
Mailing lists: none listed
Exploits: none listed
Forges: GitHub (code, issues), Aports (code, issues)

References

Type    | URI
--------|------------------------------------------------------------------------------------------
MISC    | https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466
MISC    | https://github.com/opencv/opencv/issues/27271
MISC    | https://github.com/opencv/opencv/releases/tag/4.12.0
CONFIRM | https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/

Match rules

CPE URI                                  | Source package | Min version | Max version
-----------------------------------------|----------------|-------------|------------
                                         | opencv         | >= 0        | < 4.12.0
cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*  | opencv         | >= None     | < 4.12.0
cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*  | opencv         | >= 4.10.0   | < 4.12.0

Vulnerable and fixed packages

Source package | Branch         | Version   | Maintainer                             | Status
---------------|----------------|-----------|----------------------------------------|--------------------
opencv         | edge-community | 4.11.0-r0 | Meng Zhuo <mengzhuo@iscas.ac.cn>       | possibly vulnerable
opencv         | edge-community | 4.10.0-r4 | Meng Zhuo <mengzhuo@iscas.ac.cn>       | possibly vulnerable
opencv         | edge-community | 4.10.0-r3 | Meng Zhuo <mengzhuo@iscas.ac.cn>       | possibly vulnerable
opencv         | edge-community | 4.10.0-r2 | Bart Ribbers <bribbers@disroot.org>    | possibly vulnerable
opencv         | 3.22-community | 4.11.0-r0 | Meng Zhuo <mengzhuo@iscas.ac.cn>       | possibly vulnerable
opencv         | 3.22-community | 4.10.0-r3 | Bart Ribbers <bribbers@disroot.org>    | possibly vulnerable