{"id":"PYSEC-2026-726","summary":"Out-of-bounds Read in OpenCV","details":"OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.","aliases":["CVE-2019-16249","GHSA-x3rm-644h-67m8"],"modified":"2026-07-06T08:00:49.643926756Z","published":"2026-07-02T14:13:13.066573Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16249"},{"type":"WEB","url":"https://github.com/opencv/opencv/issues/15481"},{"type":"WEB","url":"https://github.com/opencv/opencv/pull/15531"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752702"},{"type":"PACKAGE","url":"https://github.com/opencv/opencv-python"},{"type":"WEB","url":"https://github.com/opencv/opencv-python/releases/tag/30"},{"type":"PACKAGE","url":"https://pypi.org/project/opencv-contrib-python-headless"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-x3rm-644h-67m8"}],"affected":[{"package":{"name":"opencv-contrib-python-headless","ecosystem":"PyPI","purl":"pkg:pypi/opencv-contrib-python-headless"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.2.30"}]}],"versions":["3.4.0.14","3.4.1.15","3.4.10.37","3.4.11.39","3.4.11.41","3.4.11.43","3.4.11.45","3.4.13.47","3.4.14.51","3.4.14.53","3.4.15.55","3.4.16.57","3.4.16.59","3.4.17.61","3.4.17.63","3.4.18.65","3.4.2.17","3.4.3.18","3.4.4.19","3.4.5.20","3.4.6.27","3.4.7.28","3.4.8.29","3.4.9.33","4.0.0.21","4.0.1.23","4.0.1.24","4.1.0.25","4.1.1.26"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python-headless/PYSEC-2026-726.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}