{"id":"PYSEC-2026-2802","summary":"Out-of-bounds Write in OpenCV","details":"An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0 (corresponds with OpenCV-Python version 4.1.2.30). A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.","aliases":["CVE-2019-5064","GHSA-q799-q27x-vp7w","PYSEC-2026-2828","PYSEC-2026-2841","PYSEC-2026-725"],"modified":"2026-07-13T16:43:03.028044223Z","published":"2026-07-09T16:49:38.412160Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5064"},{"type":"WEB","url":"https://github.com/opencv/opencv/issues/15857"},{"type":"PACKAGE","url":"https://github.com/opencv/opencv-python"},{"type":"WEB","url":"https://github.com/opencv/opencv-python/releases/tag/32"},{"type":"WEB","url":"https://github.com/opencv/opencv/releases/tag/4.2.0"},{"type":"WEB","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"PACKAGE","url":"https://pypi.org/project/opencv-contrib-python"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-q799-q27x-vp7w"}],"affected":[{"package":{"name":"opencv-contrib-python","ecosystem":"PyPI","purl":"pkg:pypi/opencv-contrib-python"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0.32"}]}],"versions":["3.4.10.35","3.4.10.37","3.4.11.39","3.4.11.41","3.4.11.43","3.4.11.45","3.4.13.47","3.4.14.51","3.4.14.53","3.4.15.55","3.4.16.57","3.4.16.59","3.4.17.61","3.4.17.63","3.4.18.65","3.4.2.17","3.4.3.18","3.4.4.19","3.4.5.20","3.4.6.27","3.4.7.28","3.4.8.29","3.4.9.31","3.4.9.33","4.0.0.21","4.0.1.23","4.0.1.24","4.1.0.25","4.1.1.26","4.1.2.30"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python/PYSEC-2026-2802.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}