Releases40
Frequency2 months 6 days
Last Release
OpenCV is released under a BSD license and hence it's free for both academic and commercial use. It has C++, C, Python and Java interfaces and supports Windows, Linux, Mac OS, iOS and Android. OpenCV was designed for computational efficiency and with a strong focus on real-time applications. Written in optimized C/C++, the library can take advantage of multi-core processing. Enabled with OpenCL, it can take advantage of the hardware acceleration of the underlying heterogeneous compute platform. Adopted all around the world, OpenCV has more than 47 thousand people of user community and estimated number of downloads exceeding 9 million. Usage ranges from interactive art, to mines inspection, stitching maps on the web or through advanced robotics. ### Package Info This version is from the master branch of development, which is the cutting edge of OpenCV development. This package installs precompiled OpenCV binaries. This does not allow you to customize the features compiled into your installation. This download is about 185 MB. If you wish to customize the features compiled in your installation, then you must compile OpenCV yourself. This requires [Git](https://chocolatey.org/packages/git) and [CMake](https://chocolatey.org/packages/cmake). You can follow the instructions at [opencv.org](https://docs.opencv.org/master/d3/d52/tutorial_windows_install.html "OpenCV build tutorial") to build using [Microsoft Visual Studio](https://chocolatey.org/packages/visualstudio2017community "Visual Studio Chocolatey Package"). ### Package Parameters Pass the package argument /InstallationPath to set where OpenCV will unzip itself. Left alone, it will unzip in your Chocolatey Tools directory. Remember, it will always unzip itself to a new folder called \opencv in the directory you chose. Pass the package argument /Environment to add OpenCV to your user environment variables, which may or may not be necessary depending on your specific needs. Check the installation guide on OpenCV's website to determine the precise directory structure you want to add to your path. The OPENCV\_DIR variable will be created/replaced, and Path will be appended with %OPENCV\_DIR%\bin. #### Examples Add the install path to your environment: ```choco install opencv --package-parameters '/Environment'``` Install to a specific directory: ```choco install opencv --package-parameters '/InstallationPath:'C:\test'``` Install to a specific directory and add to your environment: ```choco install opencv --package-parameters '/InstallationPath:'C:\test' /Environment'```

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
= *, >= 4.10.0, < 4.12.09.8 CRITICAL

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

= *, >= 4.5.2, < 4.8.05.3 MEDIUM5 MEDIUM

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.

= *, >= 4.5.2, <= 4.7.05.3 MEDIUM5 MEDIUM

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.

= 4.1.08.8 HIGH6.8 MEDIUM

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

>= 4.0.0, < 4.2.08.8 HIGH6.8 MEDIUM

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.

< 4.1.16.5 MEDIUM6.4 MEDIUM

An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.

= 4.1.15.3 MEDIUM5 MEDIUM

OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.

<= 4.1.05.9 MEDIUM4.3 MEDIUM

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

>= 4.0.0, < 4.1.1, < 3.4.76.4 MEDIUM

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

>= 4.0.0, < 4.1.1, < 3.4.77.5 HIGH5 MEDIUM

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

< 4.1.17.5 HIGH5 MEDIUM

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.