VulnerableCode Package Details - pkg:pypi/opencv-contrib-python-headless@4.2.0.32

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/opencv-contrib-python-headless@4.2.0.32

purl	pkg:pypi/opencv-contrib-python-headless@4.2.0.32

Next non-vulnerable version	4.8.1.78
Latest non-vulnerable version	4.8.1.78
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-qn1c-mtud-5kbq Aliases: PYSEC-2023-182	opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.	4.8.1.78 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-jypn-sttp-tkgm	Out-of-bounds Write An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.	CVE-2019-5064 GHSA-q799-q27x-vp7w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:25:17.175454+00:00	GithubOSV Importer	Fixing	VCID-jypn-sttp-tkgm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-q799-q27x-vp7w/GHSA-q799-q27x-vp7w.json	38.6.0
2026-06-02T04:40:09.994089+00:00	GitLab Importer	Fixing	VCID-jypn-sttp-tkgm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/opencv-contrib-python-headless/CVE-2019-5064.yml	38.6.0
2026-06-02T04:25:20.503829+00:00	Pypa Importer	Affected by	VCID-qn1c-mtud-5kbq	https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python-headless/PYSEC-2023-182.yaml	38.6.0