In OpenCV 3.3.1 (corresponding with OpenCV-Python 3.3.1.11), a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
"https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python/PYSEC-2026-702.yaml"