VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-8w9p-vt3f-yqft

Vulnerability ID	VCID-8w9p-vt3f-yqft
Aliases	GHSA-94vc-p8w7-5p49 GMS-2023-3131
Summary	Bundled libwebp in imagecodecs vulnerable imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that is vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://github.com/cgohlke/imagecodecs/blob/v2023.9.18/CHANGES.rst
		https://github.com/pypa/advisory-database/tree/main/vulns/imagecodecs/PYSEC-2023-174.yaml
GHSA-94vc-p8w7-5p49		https://github.com/advisories/GHSA-94vc-p8w7-5p49

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:45:55.912386+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/imagecodecs/GMS-2023-3131.yml	38.6.0