CVE-2023-39010: Improper Control of Generation of Code ('Code Injection')

July 28, 2023 (updated August 3, 2023)

BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.

References

github.com/advisories/GHSA-99p5-qpqx-mhwc
github.com/lessthanoptimal/BoofCV/commit/0da6139ff69fd5a49359854ab01935d06c7f5aac
github.com/lessthanoptimal/BoofCV/issues/406
nvd.nist.gov/vuln/detail/CVE-2023-39010

Detect and mitigate CVE-2023-39010 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →