
Cloud Vulnerability DB
A community-led vulnerabilities database
A memory leak vulnerability (CVE-2023-2618) was discovered in the OpenCV wechat_qrcode module, affecting versions up to 4.7.0. The vulnerability specifically affects the DecodedBitStreamParser::decodeHanziSegment function in the file qrcode/decoder/decodedbitstreamparser.cpp. The issue was disclosed on May 10, 2023, and has been assigned a CVSS v3.1 base score of 7.5 (HIGH) (NVD).
The vulnerability is caused by improper memory management in the DecodedBitStreamParser::decodeHanziSegment function of the wechat_qrcode module. The issue occurs during the processing of QR codes, specifically when handling Hanzi segments. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely without requiring privileges or user interaction (NVD).
If exploited, this vulnerability could lead to memory leaks in the application, potentially resulting in resource exhaustion and denial of service conditions. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity (NVD).
A patch has been released to address this vulnerability, identified by commit 2b62ff6181163eea029ed1cab11363b4996e9cd6. Users are advised to upgrade to a patched version of OpenCV. The fix involves proper memory management in the DecodedBitStreamParser::decodeHanziSegment function (GitHub PR).
Source: This report was generated using AI