VDB
KO
HIGH 8.8

PYSEC-2026-717

Integer Overflow or Wraparound in OpenCV

Details

In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 (corresponding to OpenCV-Python 3.3.0.9) and earlier.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / opencv-contrib-python
Introduced in: 0 Fixed in: 3.3.1.11
Fix pip install --upgrade 'opencv-contrib-python>=3.3.1.11'

References