PYSEC-2026-699

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python/PYSEC-2026-699.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-699
Aliases
Published
2026-07-02T14:13:11.851507Z
Modified
2026-07-06T08:00:48.556702908Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Details

In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.

References

Affected packages

PyPI / opencv-contrib-python

Package

Name
opencv-contrib-python
View open source insights on deps.dev
Purl
pkg:pypi/opencv-contrib-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.1.11

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python/PYSEC-2026-699.yaml"