{"id":"CVE-2019-19624","details":"An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.","aliases":["GHSA-jggw-2q6g-c3m6"],"modified":"2026-05-18T15:11:48.731101Z","published":"2019-12-06T15:15:10.330Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2019-19624"},{"type":"REPORT","url":"https://github.com/opencv/opencv/issues/14554"},{"type":"FIX","url":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencv/opencv","events":[{"introduced":"0"},{"fixed":"693877212d34f2d5e3bbf29287aa1db2d07d4d6d"},{"fixed":"d1615ba11a93062b1429fce9f0f638d1572d3418"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"4.1.1"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*"}}],"versions":["3.4.0-rc","3.3.0-rc","3.2.0-rc","2.2"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1","id":"CVE-2019-19624-0d107a39","target":{"file":"modules/video/src/dis_flow.cpp","function":"DISOpticalFlowImpl::ocl_calc"},"digest":{"function_hash":"162139554431137049292270821388345923312","length":2056},"signature_type":"Function","deprecated":false},{"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1","id":"CVE-2019-19624-96afccd4","target":{"file":"modules/video/test/test_OF_accuracy.cpp"},"digest":{"threshold":0.9,"line_hashes":["292434262406728731628828372549760652021","211662216980639316321159698469647860942","304814111594908040081152956091489419567"]},"signature_type":"Line","deprecated":false},{"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1","id":"CVE-2019-19624-a9be7788","target":{"file":"modules/video/src/dis_flow.cpp"},"digest":{"threshold":0.9,"line_hashes":["241788169997656428846655581691109904689","295014261042212085194381057829810711030","281486234171086797679885502900928839897","328542092674003222271231465336406420140","15362431844559001884177702219153463341","280100629722678420229231097710457023239","278991730339888761006996892097494869265","181863082256781215470609415054293150793","50647401497426498578065211537922309543","27580502085172621736855882366216454318","83076456701604978161207366164177336379","130223734785722942024318727136227919293","318996292682408027751279023705159956127","119572132128094897544301786694778489151","179506427962028627853688607253703072201","130669332271978750733384204798221200980","2567042413751246471380210352254762735"]},"signature_type":"Line","deprecated":false},{"source":"https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418","signature_version":"v1","id":"CVE-2019-19624-cd2ad34c","target":{"file":"modules/video/src/dis_flow.cpp","function":"DISOpticalFlowImpl::calc"},"digest":{"function_hash":"194708317682258746355058615638866463711","length":2561},"signature_type":"Function","deprecated":false},{"source":"https://github.com/opencv/opencv/commit/693877212d34f2d5e3bbf29287aa1db2d07d4d6d","signature_version":"v1","id":"CVE-2019-19624-f4b69b89","target":{"file":"modules/videoio/src/backend_plugin.cpp"},"digest":{"threshold":0.9,"line_hashes":["324810334612706110929790317977131335514","283354122908894961945064184555133515053","29337495017562247810249731437058366319","15156896965861494906414910206189503336"]},"signature_type":"Line","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19624.json","vanir_signatures_modified":"2026-05-18T15:11:48Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/opencv/opencv_contrib","events":[{"introduced":"0"},{"fixed":"0915b7eaddba3c06d83e201c9a7595e73801f417"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"4.1.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*"}}],"versions":["4.1.0","4.0.1","4.0.0","4.0.0-rc","4.0.0-beta","4.0.0-alpha","3.4.1","3.4.0","3.3.1","3.3.0","3.3.0-rc","3.2.0","3.2.0-rc","3.1.0","3.0.0","3.0.0-rc1","3.0.0-beta"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19624.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}]}