GHSA-94vc-p8w7-5p49
Suggest an improvement- Source
- https://github.com/advisories/GHSA-94vc-p8w7-5p49
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-94vc-p8w7-5p49/GHSA-94vc-p8w7-5p49.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-94vc-p8w7-5p49
- Published
- 2023-10-05T00:07:46Z
- Modified
- 2024-11-28T05:41:59.007222Z
- Summary
- Bundled libwebp in imagecodecs vulnerable
- Details
-
imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.
- Database specific
{ "severity": "HIGH", "github_reviewed": true, "nvd_published_at": null, "cwe_ids": [], "github_reviewed_at": "2023-10-05T00:07:46Z" }- References
Affected packages
PyPI / imagecodecs
Package
- Name
- imagecodecs
- View open source insights on deps.dev
- Purl
- pkg:pypi/imagecodecs
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2023.9.18
Affected versions
2018.*
2018.10.10
2018.10.18
2018.10.22
2018.10.28
2018.10.30
2018.11.8
2018.12.1
2018.12.12
2018.12.16
2019.*
2019.1.1
2019.1.14
2019.2.2
2019.2.20
2019.2.22
2019.4.20
2019.11.5
2019.11.18
2019.11.28
2019.12.31
2020.*
2020.1.31
2020.2.18
2020.5.30
2020.12.24
2021.*
2021.1.11
2021.1.28
2021.2.26
2021.3.31
2021.4.28
2021.6.8
2021.7.30
2021.8.26
2021.11.11
2021.11.20
2022.*
2022.2.22
2022.7.27
2022.7.31
2022.8.8
2022.9.26
2022.12.22
2022.12.24
2023.*
2023.1.23
2023.3.16
2023.7.4
2023.7.10
2023.8.12
2023.9.4