PYSEC-2023-174 — Vulnetix

Try Vulnetix Request Demo

PYSEC-2023-174 PUBLISHED

imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.

Affected Products

Vendor	Product	Versions
PyPI	imagecodecs	2018.10.10, 2018.10.18, 2018.10.22

Timeline

Sep 20, 2023 CVE Updated
Sep 20, 2023 CVE Published
Oct 5, 2023 PoC Published
Apr 28, 2025 PoC Published
Mar 7, 2026 Security Advisory
Mar 7, 2026 Security Advisory

References

https://github.com/cgohlke/imagecodecs/blob/v2023.9.18/CHANGES.rst advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-5129 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-4863 advisory

Open in Interactive Console →