CVE-2025-53644 MEDIUM

CVE-2025-53644: OpenCV contains a use after free buffer write due to an uninitialized pointer

Vendor Opencv
Product opencv
Weakness CWE-457
Published July 17, 2025
Last update September 26, 2025

CVSS base score

6.6/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on the stack that may lead to an arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

Key dates

02 Disclosure timeline

July 17, 2025 CVE published
September 26, 2025 Record updated