VulnerableCode Package Details - pkg:pypi/opencv-contrib-python@4.2.0.32

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/opencv-contrib-python@4.2.0.32

Essentials
History (2)

purl	pkg:pypi/opencv-contrib-python@4.2.0.32

Next non-vulnerable version	4.8.1.78
Latest non-vulnerable version	4.8.1.78
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-58aj-jc6y-dqcg Aliases: PYSEC-2023-181	opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.	4.8.1.78 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-jypn-sttp-tkgm	Out-of-bounds Write An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.	CVE-2019-5064 GHSA-q799-q27x-vp7w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:40:09.566980+00:00	GitLab Importer	Fixing	VCID-jypn-sttp-tkgm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/opencv-contrib-python/CVE-2019-5064.yml	38.6.0
2026-06-02T04:25:21.188829+00:00	Pypa Importer	Affected by	VCID-58aj-jc6y-dqcg	https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python/PYSEC-2023-181.yaml	38.6.0