How severe is CVE-2025-53644?

CVE-2025-53644 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-53644

Name: opencv
Author: opencv

9.8CRITICAL

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG imag

Publicado: 7/17/2025Actualizado: 10/17/2025

Descripción

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

Análisis IAImpulsado por IA

Productos Afectados

opencvopencv

Referencias

https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466
Patch
https://github.com/opencv/opencv/issues/27271
Issue Tracking
https://github.com/opencv/opencv/releases/tag/4.12.0
Release Notes
https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
ExploitThird Party Advisory