{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53644", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-07T14:20:38.391Z", "datePublished": "2025-07-17T17:58:26.493Z", "dateUpdated": "2025-09-26T21:56:54.102Z"}, "containers": {"cna": {"title": "OpenCV contains a use after free buffer write due to an uninitialized pointer", "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "lang": "en", "description": "CWE-457: Use of Uninitialized Variable", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/"}, {"name": "https://github.com/opencv/opencv/issues/27271", "tags": ["x_refsource_MISC"], "url": "https://github.com/opencv/opencv/issues/27271"}, {"name": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466", "tags": ["x_refsource_MISC"], "url": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466"}, {"name": "https://github.com/opencv/opencv/releases/tag/4.12.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/opencv/opencv/releases/tag/4.12.0"}], "affected": [{"vendor": "opencv", "product": "opencv", "versions": [{"version": ">= 4.10.0, < 4.12.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-09-26T21:56:54.102Z"}, "descriptions": [{"lang": "en", "value": "OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability."}], "source": {"advisory": "GHSA-cx4p-78p4-x7g7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-17T20:23:04.773825Z", "id": "CVE-2025-53644", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T20:23:19.483Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53644", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-17T20:23:04.773825Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T20:23:15.553Z"}}], "cna": {"title": "OpenCV contains a use after free buffer write due to an uninitialized pointer", "source": {"advisory": "GHSA-cx4p-78p4-x7g7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "opencv", "product": "opencv", "versions": [{"status": "affected", "version": ">= 4.10.0, < 4.12.0"}]}], "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/", "name": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/opencv/opencv/issues/27271", "name": "https://github.com/opencv/opencv/issues/27271", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466", "name": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/opencv/opencv/releases/tag/4.12.0", "name": "https://github.com/opencv/opencv/releases/tag/4.12.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-09-26T21:56:54.102Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53644", "state": "PUBLISHED", "dateUpdated": "2025-09-26T21:56:54.102Z", "dateReserved": "2025-07-07T14:20:38.391Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-17T17:58:26.493Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*", "matchCriteriaId": "79C4ED38-FCE8-4397-8592-C50198E76BE7", "versionEndExcluding": "4.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability."}, {"lang": "es", "value": "OpenCV es una librer\u00eda de c\u00f3digo abierto para visi\u00f3n artificial. Las versiones anteriores a la 4.12.0 tienen una variable de puntero sin inicializar en la pila que puede provocar escrituras arbitrarias en el b\u00fafer del mont\u00f3n al leer im\u00e1genes JPEG manipuladas. La versi\u00f3n 4.12.0 corrige esta vulnerabilidad."}], "id": "CVE-2025-53644", "lastModified": "2025-09-26T22:15:33.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-07-17T18:15:27.913", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/opencv/opencv/issues/27271"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/opencv/opencv/releases/tag/4.12.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-457"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "opencv: OpenCV use after free", "id": "2381763", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381763"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-457", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-53644", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "opencv", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "opencv", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "opencv", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2025-07-17T17:58:26Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-53644\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-53644\nhttps://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466\nhttps://github.com/opencv/opencv/issues/27271\nhttps://github.com/opencv/opencv/releases/tag/4.12.0\nhttps://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/"], "threat_severity": "Important"}

{"created": "2025-07-21T15:17:16.898648+00:00", "updated": "2025-07-21T15:17:16.898715+00:00", "vendors": ["opencv", "opencv$PRODUCT$opencv"]}