CVE-2025-53644

9.8 CRITICAL

📋 TL;DR

OpenCV versions 4.10.0 and 4.11.0 contain an uninitialized pointer vulnerability (CWE-457) that allows arbitrary heap buffer writes when processing specially crafted JPEG images. This can lead to remote code execution or application crashes. Any system or application using these vulnerable OpenCV versions for JPEG image processing is affected.

💻 Affected Systems

Products:
  • OpenCV
Versions: 4.10.0 through 4.11.0
Operating Systems: All platforms where OpenCV runs (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects JPEG image reading functionality. Applications must use OpenCV's image decoding features to be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the OpenCV process, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) or memory corruption leading to unstable behavior.

🟢

If Mitigated

Limited impact if proper input validation and sandboxing are implemented.

🌐 Internet-Facing: HIGH - Applications processing user-uploaded JPEG images from the internet are directly exposed.
🏢 Internal Only: MEDIUM - Internal systems processing JPEG images could be exploited through malicious internal uploads.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious JPEG file and getting it processed by vulnerable OpenCV code. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.12.0

Vendor Advisory: https://github.com/opencv/opencv/releases/tag/4.12.0

Restart Required: Yes

Instructions:

1. Upgrade OpenCV to version 4.12.0 or later.
2. Recompile any applications using OpenCV with the updated library.
3. Restart affected services or applications.

🔧 Temporary Workarounds

Disable JPEG processing (platform: all)

Temporarily disable JPEG image processing in applications using OpenCV until patching is complete.

Notes: Application-specific configuration changes are required.

Input validation (platform: linux)

Implement strict validation of JPEG files before passing them to OpenCV for processing.

Notes: Use external tools such as the 'file' command or libmagic to verify JPEG integrity.

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using vulnerable OpenCV versions.
  • Deploy application allowlisting to prevent execution of unauthorized code.

🔍 How to Verify

Check if Vulnerable:

Check the OpenCV version with 'pkg-config --modversion opencv4', or examine the library versions linked into applications.

Check Version:

pkg-config --modversion opencv4

Verify Fix Applied:

Confirm OpenCV version is 4.12.0 or higher using version check commands.
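The version check and the two workarounds above (refusing JPEG input on an affected build, and structurally validating JPEG files before they reach the decoder), combined into one pre-decode gate. This is an added Python example, not OpenCV's own code or code from this advisory's source; the version thresholds come from this advisory, the marker walk is a minimal check of my own, and SAMPLE_JPEG is constructed bytes.

```python
import struct
AFFECTED_MIN = (4, 10, 0)   # first affected release named in this advisory
FIXED = (4, 12, 0)          # patch version named in this advisory

def parse_version(v: str) -> tuple:
    """Turn '4.11.0' (or '4.11.0-dev') into a comparable integer tuple."""
    return tuple(int(p) for p in v.split("-")[0].split("+")[0].split(".")[:3])

def is_affected(version: str) -> bool:
    """True when 4.10.0 <= version < 4.12.0, the range this advisory covers."""
    return AFFECTED_MIN <= parse_version(version) < FIXED

def jpeg_structure_ok(data: bytes) -> bool:
    """Walk marker segments up to SOS; reject truncated or ill-formed headers.
    Sanity check only: a well-formed but crafted file still reaches the decoder."""
    if len(data) < 4 or data[:2] != b"\xff\xd8" or data[-2:] != b"\xff\xd9":
        return False                      # missing SOI or EOI marker
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return False                  # expected a marker byte here
        marker = data[pos + 1]
        if marker == 0xD9:
            return False                  # EOI before any scan data
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                      # TEM, SOI, RSTn carry no length field
            continue
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if seg_len < 2 or pos + 2 + seg_len > len(data):
            return False                  # segment length runs past end of file
        if marker == 0xDA:
            return True                   # SOS reached: header walk is consistent
        pos += 2 + seg_len
    return False                          # ran out of bytes before SOS

def decode_if_safe(data: bytes, opencv_version: str):
    """Refuse JPEG input on an affected build; otherwise validate, then decode."""
    if is_affected(opencv_version):
        raise RuntimeError(f"OpenCV {opencv_version} is in the affected range; upgrade to 4.12.0+")
    if not jpeg_structure_ok(data):
        raise ValueError("rejected: not a well-formed JPEG")
    import cv2, numpy as np               # lazy: the checks above need neither
    return cv2.imdecode(np.frombuffer(data, np.uint8), cv2.IMREAD_COLOR)

# Constructed sample (not a real photo): SOI, APP0/JFIF, SOS, one scan byte, EOI.
SAMPLE_JPEG = (b"\xff\xd8"
               + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
               + b"\x00\xff\xd9")
```

Pass `cv2.__version__` as `opencv_version` in a Python process: pip-installed `opencv-python` wheels bundle their own copy of the library, so `pkg-config` alone can report a patched system build while the process still loads an affected one.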

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing JPEG images
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual outbound connections from applications processing images
  • Large volumes of JPEG uploads to vulnerable endpoints

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "access violation") AND "opencv"
