An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
https://github.com/opencv/opencv/issues/15857
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853