CVE-2019-15939

Description

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

How to fix CVE-2019-15939

To remediate CVE-2019-15939, upgrade the affected package to a fixed version below.

• Debian/opencv—upgrade to 4.1.2+dfsg-3 or later
• PyPI/opencv-contrib-python—upgrade to 4.1.1.26 or later
• —upgrade to 4.1.1.26 or later
• —upgrade to 4.1.1.26 or later
• —upgrade to 4.1.1.26 or later

Is CVE-2019-15939 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (5)

• from 0, < 4.1.2+dfsg-3
• from 0, < 4.1.1.26
• from 0, < 4.1.1.26
• from 0, < 4.1.1.26
• from 0, < 4.1.1.26

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2019-15939
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-15939
• PATCHgithub.com/opencv/opencv-python
• WEBlists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html
• WEB