PYSEC-2023-174 – imagecodecs
Package
Manager: pip
Name: imagecodecs
Vulnerable Version: =2018.10.10 || =2018.10.18 || =2018.10.22 || =2018.10.28 || =2018.10.30 || =2018.11.8 || =2018.12.1 || =2018.12.12 || =2018.12.16 || =2019.1.1 || =2019.1.14 || =2019.11.18 || =2019.11.28 || =2019.11.5 || =2019.12.31 || =2019.2.2 || =2019.2.20 || =2019.2.22 || =2019.4.20 || =2020.1.31 || =2020.12.24 || =2020.2.18 || =2020.5.30 || =2021.1.11 || =2021.1.28 || =2021.11.11 || =2021.11.20 || =2021.2.26 || =2021.3.31 || =2021.4.28 || =2021.6.8 || =2021.7.30 || =2021.8.26 || =2022.12.22 || =2022.12.24 || =2022.2.22 || =2022.7.27 || =2022.7.31 || =2022.8.8 || =2022.9.26 || =2023.1.23 || =2023.3.16 || =2023.7.10 || =2023.7.4 || =2023.8.12 || =2023.9.4 || >=0 <2023.9.18
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: N/A (percentile: N/A)
Details
imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.
Metadata
Created: 2023-09-20T05:31:28.958082Z
Modified: 2023-09-20T05:12:42.403706Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F448
Auto approve: 1