
Description

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on the stack that may lead to an arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

PUBLISHED | Reserved 2025-07-07 | Published 2025-07-17 | Updated 2025-09-26 | Assigner GitHub_M

MEDIUM: 6.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-457: Use of Uninitialized Variable

Product status

>= 4.10.0, < 4.12.0: affected

References

securitylab.github.com/advisories/GHSL-2025-057_OpenCV/

github.com/opencv/opencv/issues/27271

github.com/...ommit/a39db41390de546d18962ee1278bd6dbb715f466

github.com/opencv/opencv/releases/tag/4.12.0

cve.org (CVE-2025-53644)

nvd.nist.gov (CVE-2025-53644)
