PYSEC-2023-184 – opencv-python-headless

Package

Manager: pip
Name: opencv-python-headless
Vulnerable Version: =3.4.10.35 || =3.4.10.37 || =3.4.11.39 || =3.4.11.41 || =3.4.11.43 || =3.4.11.45 || =3.4.13.47 || =3.4.14.51 || =3.4.14.53 || =3.4.15.55 || =3.4.16.57 || =3.4.16.59 || =3.4.17.61 || =3.4.17.63 || =3.4.18.65 || =3.4.2.17 || =3.4.3.18 || =3.4.4.19 || =3.4.5.20 || =3.4.6.27 || =3.4.7.28 || =3.4.8.29 || =3.4.9.33 || =4.0.0.21 || =4.0.1.24 || =4.1.0.25 || =4.1.1.26 || =4.1.2.30 || =4.2.0.32 || =4.2.0.34 || =4.3.0.36 || =4.3.0.38 || =4.4.0.40 || =4.4.0.42 || =4.4.0.44 || =4.4.0.46 || =4.5.1.48 || =4.5.2.52 || =4.5.2.54 || =4.5.3.56 || =4.5.4.58 || =4.5.4.60 || =4.5.5.62 || =4.5.5.64 || =4.6.0.66 || =4.7.0.68 || =4.7.0.72 || =4.8.0.74 || =4.8.0.76 || >=0 <4.8.1.78

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: N/A pctlN/A

Details

opencv-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.

Metadata

Created: 2023-09-29T21:31:48.680922Z
Modified: 2023-09-29T21:15:27.980982Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F448
Auto approve: 1