{"id":"PYSEC-2023-183","details":"opencv-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.","modified":"2026-02-04T03:38:11.038220Z","published":"2023-09-29T21:31:40.016332Z","related":["CVE-2023-4863"],"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"},{"type":"ADVISORY","url":"https://github.com/opencv/opencv/wiki/ChangeLog#version481"},{"type":"FIX","url":"https://github.com/opencv/opencv/pull/24274"}],"affected":[{"package":{"name":"opencv-python","ecosystem":"PyPI","purl":"pkg:pypi/opencv-python"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.8.1.78"}]}],"versions":["3.2.0.8","3.3.0.10","3.3.0.9","3.3.1.11","3.4.0.12","3.4.0.14","3.4.1.15","3.4.10.35","3.4.10.37","3.4.11.39","3.4.11.41","3.4.11.43","3.4.11.45","3.4.13.47","3.4.14.51","3.4.14.53","3.4.15.55","3.4.16.57","3.4.16.59","3.4.17.61","3.4.17.63","3.4.18.65","3.4.2.16","3.4.2.17","3.4.3.18","3.4.4.19","3.4.5.20","3.4.6.27","3.4.7.28","3.4.8.29","3.4.9.31","3.4.9.33","4.0.0.21","4.0.1.23","4.0.1.24","4.1.0.25","4.1.1.26","4.1.2.30","4.2.0.32","4.2.0.34","4.3.0.36","4.3.0.38","4.4.0.40","4.4.0.42","4.4.0.44","4.4.0.46","4.5.1.48","4.5.2.52","4.5.2.54","4.5.3.56","4.5.4.58","4.5.4.60","4.5.5.62","4.5.5.64","4.6.0.66","4.7.0.68","4.7.0.72","4.8.0.74","4.8.0.76"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/opencv-python/PYSEC-2023-183.yaml"}}],"schema_version":"1.7.3"}