{"id":"CVE-2019-14491","details":"An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered\u003ccv::HaarEvaluator\u003e in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.","aliases":["GHSA-fm39-cw8h-3p63"],"modified":"2026-04-16T01:43:39.185226627Z","published":"2019-08-01T17:15:13.453Z","related":["SUSE-SU-2019:3192-1","SUSE-SU-2019:3192-2","openSUSE-SU-2019:2671-1","openSUSE-SU-2024:11115-1","openSUSE-SU-2024:11116-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ/"},{"type":"ADVISORY","url":"https://github.com/opencv/opencv/compare/33b765d...4a7ca5a"},{"type":"ADVISORY","url":"https://github.com/opencv/opencv/compare/371bba8...ddbd10c"},{"type":"EVIDENCE","url":"https://github.com/opencv/opencv/issues/15125"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencv/opencv","events":[{"introduced":"0"},{"fixed":"4a7ca5a291038a773ea0b67eaf6fbed9ad72170b"},{"introduced":"e6d9486a6cb3379a0eeb59bd405bea3125ea364d"},{"fixed":"693877212d34f2d5e3bbf29287aa1db2d07d4d6d"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"3.4.7"},{"introduced":"4.0.0"},{"fixed":"4.1.1"}]}}],"versions":["2.2","3.2.0-rc","3.3.0-rc","3.4.0-rc"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/opencv/opencv/commit/693877212d34f2d5e3bbf29287aa1db2d07d4d6d","id":"CVE-2019-14491-f4b69b89","digest":{"line_hashes":["324810334612706110929790317977131335514","283354122908894961945064184555133515053","29337495017562247810249731437058366319","15156896965861494906414910206189503336"],"threshold":0.9},"deprecated":false,"signature_type":"Line","signature_version":"v1","target":{"file":"modules/videoio/src/backend_plugin.cpp"}}],"vanir_signatures_modified":"2026-04-11T21:45:40Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14491.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}]}