opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.

References

github.com/opencv/opencv/pull/24274

github.com/opencv/opencv/wiki/ChangeLog#version481

nvd.nist.gov/vuln/detail/CVE-2023-4863

openvas 44

nessus 69

alpinelinux 1

debiancve 1

osv 26

almalinux 5

cloudfoundry 1

ibm 2

amazon 4

debian 7

github 6

hivepro 1

githubexploit 2

wolfi 1

cbl_mariner 1

oraclelinux 4

cisa_kev 1

gitlab 2

rocky 2

redos 1

ics 1

ubuntucve 1

mscve 1

redhatcve 1

slackware 2

veracode 2

redhat 1

ubuntu 3

chrome 1

kaspersky 1

thn 1

fedora 1

freebsd 1

cnvd 1

openvas

Debian: Security Advisory (DLA-3570-1)

2023-09-19 00:00:00

Ubuntu: Security Advisory (USN-6369-2)

2023-09-28 00:00:00

Ubuntu: Security Advisory (USN-6369-1)

2023-09-15 00:00:00

nessus

CentOS 9 : libwebp-1.2.0-8.el9

2024-02-29 00:00:00

EulerOS 2.0 SP11 : libwebp (EulerOS-SA-2023-3248)

2024-01-16 00:00:00

Google Chrome < 116.0.5845.187 Vulnerability

2023-09-11 00:00:00

alpinelinux

CVE-2023-4863

2023-09-12 15:15:24

debiancve

CVE-2023-4863

2023-09-12 15:15:24

osv

thunderbird - security update

2023-09-17 00:00:00

PYSEC-2023-184

2023-09-29 21:31:48

Important: libwebp security update

2023-09-26 13:26:19

almalinux

Important: thunderbird security update

2023-09-19 00:00:00

Important: thunderbird security update

2023-09-18 00:00:00

Important: libwebp security update

2023-09-19 00:00:00

cloudfoundry

USN-6369-1: libwebp vulnerability | Cloud Foundry

2023-10-12 00:00:00

ibm

Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron

2023-10-20 09:35:15

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.0 has addressed a security vulnerability (CVE-2023-4863)

2023-11-29 22:25:21

amazon

Important: qt5-qtimageformats

2023-11-09 19:19:00

Important: thunderbird

2023-10-12 15:08:00

Important: libwebp12

2023-10-12 15:08:00

debian

[SECURITY] [DLA 3569-1] thunderbird security update

2023-09-17 09:42:33

[SECURITY] [DSA 5497-1] libwebp security update

2023-09-13 21:07:56

[SECURITY] [DSA 5497-2] libwebp security update

2023-09-17 15:33:28

github

opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

2024-08-30 23:37:19

libwebp: OOB write in BuildHuffmanTable

2023-09-12 15:30:20

Bundled libwebp in pywebp vulnerable

2023-10-06 16:59:22

hivepro

Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly

2023-09-12 13:05:09

githubexploit

Exploit for Out-of-bounds Write in Google Chrome

2023-10-05 03:28:23

Exploit for Out-of-bounds Write in Google Chrome

2024-02-03 12:27:37

wolfi

CVE-2023-4863 vulnerabilities

2024-09-28 21:12:41

cbl_mariner

CVE-2023-4863 affecting package libwebp for versions less than 1.3.2-1

2023-10-04 16:53:46

oraclelinux

firefox security update

2023-09-19 00:00:00

firefox security update

2023-09-19 00:00:00

thunderbird security update

2023-09-19 00:00:00

cisa_kev

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

2023-09-13 00:00:00

gitlab

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

CefSharp affected by heap buffer overflow in WebP

2023-09-21 00:00:00

rocky

libwebp security update

2023-09-26 13:26:19

firefox security update

2023-09-19 12:09:00

redos

ROS-20230920-03

2023-09-20 00:00:00

ics

Siemens Mendix Studio Pro

2023-11-16 12:00:00

ubuntucve

CVE-2023-4863

2023-09-12 00:00:00

mscve

Chromium: CVE-2023-4863 Heap buffer overflow in WebP

2023-09-12 07:00:47

redhatcve

CVE-2023-4863

2023-09-14 14:24:56

slackware

[slackware-security] libwebp

2023-09-14 21:21:47

[slackware-security] seamonkey

2023-09-21 19:43:16

veracode

Heap Buffer Overflow

2023-09-19 21:25:54

Heap Buffer Overflow

2023-09-15 13:45:13

redhat

(RHSA-2023:5222) Important: libwebp security update

2023-09-19 07:11:07

ubuntu

libwebp vulnerability

2023-09-14 00:00:00

libwebp vulnerability

2023-09-28 00:00:00

Firefox vulnerability

2023-09-14 00:00:00

chrome

Stable Channel Update for Desktop

2023-09-11 00:00:00

kaspersky

KLA60003 DoS vulnerability in Google Chrome

2023-09-11 00:00:00

thn

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

2023-09-13 01:50:00

fedora

[SECURITY] Fedora 38 Update: libwebp-1.3.1-3.fc38

2023-09-15 01:43:00

freebsd

libwebp heap buffer overflow

2023-09-12 00:00:00

cnvd

Google Chrome Buffer Overflow Vulnerability (CNVD-2023-71680)

2023-09-15 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.629

Percentile

97.9%

JSON

Related for OSV:PYSEC-2023-181