{"url":"http://public2.vulnerablecode.io/api/packages/50930?format=json","purl":"pkg:pypi/opencv-contrib-python@4.1.2.30","type":"pypi","namespace":"","name":"opencv-contrib-python","version":"4.1.2.30","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.8.1.78","latest_non_vulnerable_version":"4.8.1.78","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37350?format=json","vulnerability_id":"VCID-58aj-jc6y-dqcg","summary":"opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.","references":[{"reference_url":"https://github.com/opencv/opencv/pull/24274","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/pull/24274"},{"reference_url":"https://github.com/opencv/opencv/wiki/ChangeLog#version481","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/wiki/ChangeLog#version481"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863","reference_id":"","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50952?format=json","purl":"pkg:pypi/opencv-contrib-python@4.8.1.78","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.8.1.78"}],"aliases":["PYSEC-2023-181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58aj-jc6y-dqcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41559?format=json","vulnerability_id":"VCID-jypn-sttp-tkgm","summary":"Out-of-bounds Write\nAn exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.","references":[{"reference_url":"https://github.com/opencv/opencv/issues/15857","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/issues/15857"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/32","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv-python/releases/tag/32"},{"reference_url":"https://github.com/opencv/opencv/releases/tag/4.2.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/releases/tag/4.2.0"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853","reference_id":"","reference_type":"","scores":[],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5064","reference_id":"CVE-2019-5064","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5064"},{"reference_url":"https://github.com/advisories/GHSA-q799-q27x-vp7w","reference_id":"GHSA-q799-q27x-vp7w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q799-q27x-vp7w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50931?format=json","purl":"pkg:pypi/opencv-contrib-python@4.2.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-58aj-jc6y-dqcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.2.0.32"}],"aliases":["CVE-2019-5064","GHSA-q799-q27x-vp7w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jypn-sttp-tkgm"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41569?format=json","vulnerability_id":"VCID-h7gk-61kp-8ygz","summary":"Out-of-bounds Read\nOpenCV has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752702","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752702"},{"reference_url":"https://github.com/opencv/opencv/issues/15481","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/issues/15481"},{"reference_url":"https://github.com/opencv/opencv/pull/15531","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv/pull/15531"},{"reference_url":"https://github.com/opencv/opencv-python/releases/tag/30","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/opencv/opencv-python/releases/tag/30"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16249","reference_id":"CVE-2019-16249","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16249"},{"reference_url":"https://github.com/advisories/GHSA-x3rm-644h-67m8","reference_id":"GHSA-x3rm-644h-67m8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x3rm-644h-67m8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50930?format=json","purl":"pkg:pypi/opencv-contrib-python@4.1.2.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-58aj-jc6y-dqcg"},{"vulnerability":"VCID-jypn-sttp-tkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.1.2.30"}],"aliases":["CVE-2019-16249","GHSA-x3rm-644h-67m8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7gk-61kp-8ygz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/opencv-contrib-python@4.1.2.30"}