Lucene search

K
githubGitHub Advisory DatabaseGHSA-W2PJ-9CGH-MQ2C
HistoryAug 30, 2024 - 11:37 p.m.

opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

2024-08-3023:37:14
CWE-787
GitHub Advisory Database
github.com
14
opencv
python
headless
vulnerable
cve-2023-4863
libwebp
binaries.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.629

Percentile

97.9%

opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.

Affected configurations

Vulners
Node
opencv-contrib-python-headlessRange04.8.1.78
VendorProductVersionCPE
*opencv-contrib-python-headless*cpe:2.3:a:*:opencv-contrib-python-headless:*:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.629

Percentile

97.9%