MEDIUM 5.5
PYSEC-2026-708
Improper Input Validation in OpenCV
Details
OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. This issue was fixed in OpenCV version 3.3.1 (corresponding to OpenCV 3.3.1.11).
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / opencv-contrib-python
Introduced in:
0 Fixed in: 3.3.1.11 Fix
pip install --upgrade 'opencv-contrib-python>=3.3.1.11' References
- https://nvd.nist.gov/vuln/detail/CVE-2016-1517 [ADVISORY]
- https://github.com/opencv/opencv/issues/5956 [WEB]
- https://github.com/opencv/opencv/pull/9376 [WEB]
- https://arxiv.org/pdf/1701.04739.pdf [WEB]
- https://github.com/opencv/opencv-python [PACKAGE]
- https://pypi.org/project/opencv-contrib-python [PACKAGE]
- https://github.com/advisories/GHSA-fffj-9qwg-qmh5 [ADVISORY]