PYSEC-2023-184 — Vulnetix

PYSEC-2023-184 PUBLISHED

opencv-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2.

Affected Products

Vendor	Product	Versions
PyPI	opencv-python-headless	3.4.10.35, 3.4.10.37, 3.4.11.41

Timeline

Sep 29, 2023 CVE Updated
Sep 29, 2023 CVE Published
Oct 5, 2023 PoC Published
Apr 28, 2025 PoC Published
Mar 7, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2023-4863 advisory
https://github.com/opencv/opencv/wiki/ChangeLog#version481 advisory
https://github.com/opencv/opencv/pull/24274 fix

Open in Interactive Console →