PYSEC-2026-717

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python/PYSEC-2026-717.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-717
Aliases
Published
2026-07-02T14:13:11.936447Z
Modified
2026-07-06T08:00:13.684592269Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Integer Overflow or Wraparound in OpenCV
Details

In opencv/modules/imgcodecs/src/grfmtpxm.cpp, function PxMDecoder::readData has an integer overflow when calculate srcpitch. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.

References

Affected packages

PyPI / opencv-contrib-python

Package

Name
opencv-contrib-python
View open source insights on deps.dev
Purl
pkg:pypi/opencv-contrib-python

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.1.11

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/opencv-contrib-python/PYSEC-2026-717.yaml"