CVE-2025-53644 (CRITICAL 9.8, EPSS percentile 28.8%)

Description

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.37% probability of exploitation · percentile 28.8% · scored 2026-06-19T12:03:05Z
Published: 2025-07-17
Last modified: 2025-10-17

Underlying weaknesses (1)

CWE-457

References

  1. https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466
  2. https://github.com/opencv/opencv/issues/27271
  3. https://github.com/opencv/opencv/releases/tag/4.12.0
  4. https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/

Type      Target                                    Confidence  Tier
Weakness  Use of Uninitialized Variable (cwe-457)   0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus:

CVE-2025-54874, CVE-2026-21413, CVE-2026-24450, CVE-2025-44904, CVE-2026-46559, CVE-2025-43961
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.