PYSEC-2023-181 – opencv-contrib-python

Package

Manager: pip
Name: opencv-contrib-python
Vulnerable Version: =3.1.0.0 || =3.2.0.7 || =3.2.0.8 || =3.3.0.10 || =3.3.0.9 || =3.3.1.11 || =3.4.0.12 || =3.4.0.14 || =3.4.1.15 || =3.4.10.35 || =3.4.10.37 || =3.4.11.39 || =3.4.11.41 || =3.4.11.43 || =3.4.11.45 || =3.4.13.47 || =3.4.14.51 || =3.4.14.53 || =3.4.15.55 || =3.4.16.57 || =3.4.16.59 || =3.4.17.61 || =3.4.17.63 || =3.4.18.65 || =3.4.2.16 || =3.4.2.17 || =3.4.3.18 || =3.4.4.19 || =3.4.5.20 || =3.4.6.27 || =3.4.7.28 || =3.4.8.29 || =3.4.9.31 || =3.4.9.33 || =4.0.0.21 || =4.0.1.23 || =4.0.1.24 || =4.1.0.25 || =4.1.1.26 || =4.1.2.30 || =4.2.0.32 || =4.2.0.34 || =4.3.0.36 || =4.3.0.38 || =4.4.0.40 || =4.4.0.42 || =4.4.0.44 || =4.4.0.46 || =4.5.1.48 || =4.5.2.52 || =4.5.2.54 || =4.5.3.56 || =4.5.4.58 || =4.5.4.60 || =4.5.5.62 || =4.5.5.64 || =4.6.0.66 || =4.7.0.68 || =4.7.0.72 || =4.8.0.74 || =4.8.0.76 || >=0 <4.8.1.78

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.

Metadata

Created: 2023-09-29T21:31:46.267509Z
Modified: 2023-09-29T21:15:27.924031Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F120
Auto approve: 1