CVE-2025-53644

Summary

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

Affected Software

VendorProductVersion RangeStatus
opencvopencv>= 4.10.0, < 4.12.0affected

Weaknesses

  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References