OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak
CVE-2023-2618

7.5HIGH

Key Information:

Vendor

OpenCV

Status
wechat_qrcode Module
Vendor
CVE Published:
10 May 2023

What is CVE-2023-2618?

A memory leak vulnerability has been identified in the OpenCV wechat_qrcode Module affecting versions up to 4.7.0. This issue occurs within the DecodedBitStreamParser::decodeHanziSegment function, located in the qrcode/decoder/decoded_bit_stream_parser.cpp file. An attacker may exploit this vulnerability remotely, potentially leading to degraded system performance or resource exhaustion. To mitigate this risk, it is crucial to apply the available patch (commit ID: 2b62ff6181163eea029ed1cab11363b4996e9cd6) as soon as possible.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wechat_qrcode Module 4.0

wechat_qrcode Module 4.1

wechat_qrcode Module 4.2

References

https://vuldb.com/?id.228548
vdb-entrytechnical-description
https://vuldb.com/?ctiid.228548
signaturepermissions-required
https://github.com/opencv/opencv_contrib/pull/3484
issue-tracking

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Linkai Zheng
NanoApe (VulDB User)
JSON
.