Version 4.10.0.84

opencv-python

Automated CI toolchain to produce precompiled opencv-python, opencv-python-headless, opencv-contrib-python and opencv-contrib-python-headless packages.

Install Instructions

pip install opencv-python
Current Version Release Date: June 18, 2024
Language: Python

opencv-python Vulnerabilities

| CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
|---|---|---|---|---|---|
| CVE-2019-14493 | High 7.5 | CWE-476 | 0.00316 | 0.71117 | 4.0.0.21–4.1.0.25; 3.4.0.12–3.4.18.65 |
| CVE-2019-15939 | Medium 5.9 | CWE-369 | 0.00374 | 0.73444 | 4.0.0.21–4.1.0.25; 3.4.0.12–3.4.18.65 |
| CVE-2019-16249 | Medium 5.3 | CWE-125 | 0.00066 | 0.30659 | 4.0.0.21–4.1.1.26; 3.4.0.12–3.4.18.65 |
| CVE-2019-19624 | Medium 6.5 | CWE-125 | 0.00117 | 0.46914 | 4.0.0.21–4.0.1.24; 3.4.0.12–3.4.18.65 |
| CVE-2019-5063 | High 8.8 | CWE-787 | 0.13687 | 0.95814 | 4.0.0.21–4.1.0.25; 3.4.0.12–3.4.18.65 |
| CVE-2019-5064 | High 8.8 | CWE-787 | 0.03184 | 0.91477 | 4.0.0.21–4.1.2.30; 3.4.0.12–3.4.18.65 |
| CVE-2019-9423 | High 7.8 | CWE-787 | 0.00042 | 0.05119 | 4.0.0.21–4.1.1.26; 3.4.0.12–3.4.18.65 |
| CVE-2017-18009 | High 7.5 | CWE-125 | 0.00086 | 0.37861 | 3.4.0.12–3.4.0.14 |
| CVE-2018-5268 | Medium 5.5 | CWE-787 | 0.00087 | 0.38148 | 3.4.0.12–3.4.0.14 |
| CVE-2018-5269 | Medium 5.5 | CWE-617 | 0.00085 | 0.37622 | 3.4.0.12–3.4.0.14 |
| CVE-2019-14491 | High 8.2 | CWE-125 | 0.00685 | 0.80626 | 4.0.0.21–4.1.0.25; 3.4.0.12–3.4.6.27 |
| CVE-2019-14492 | High 7.5 | CWE-125, CWE-787 | 0.00333 | 0.71903 | 4.0.0.21–4.1.0.25; 3.4.0.12–3.4.6.27 |

opencv-python Vulnerability Remediation Guidance

| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2019-9423 | In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: Android. Versions: Android-10. Android ID: A-110986616 | 3.4.18.65, 3.4.17.61, 3.4.0.12, 3.4.9.33, 3.4.11.43, 3.4.16.59, 3.4.14.53, 3.4.5.20, … | Patch → 4.2.0.32 |
| CVE-2019-5064 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 3.4.18.65, 3.4.17.61, 3.4.0.12, 3.4.9.33, 3.4.11.43, 3.4.16.59, 3.4.14.53, 3.4.5.20, … | Patch → 4.2.0.32 |
| CVE-2019-5063 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 3.4.18.65, 3.4.17.61, 3.4.0.12, 3.4.9.33, 3.4.11.43, 3.4.16.59, 3.4.14.53, 3.4.5.20, … | Patch → 4.2.0.32 |
| CVE-2019-19624 | An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. | 3.4.18.65, 3.4.17.61, 3.4.0.12, 3.4.9.33, 3.4.11.43, 3.4.16.59, 3.4.14.53, 3.4.5.20, … | Patch → 4.2.0.32 |
| CVE-2019-16249 | OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. | 3.4.18.65, 3.4.17.61, 3.4.0.12, 3.4.9.33, 3.4.11.43, 3.4.16.59, 3.4.14.53, 3.4.5.20, … | Patch → 4.2.0.32 |
| CVE-2019-15939 | An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. | 3.4.18.65, 3.4.17.61, 3.4.0.12, 3.4.9.33, 3.4.11.43, 3.4.16.59, 3.4.14.53, 3.4.5.20, … | Patch → 4.2.0.32 |
| CVE-2019-14493 | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. | 3.4.18.65, 3.4.17.61, 3.4.0.12, 3.4.9.33, 3.4.11.43, 3.4.16.59, 3.4.14.53, 3.4.5.20, … | Patch → 4.2.0.32 |
| CVE-2019-14492 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | 3.4.0.12, 3.4.5.20, 3.4.2.16, 3.4.2.17, 4.0.1.23, 4.1.0.25, 3.4.3.18, 3.4.6.27, … | Patch → 4.2.0.32 |
| CVE-2019-14491 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | 3.4.0.12, 3.4.5.20, 3.4.2.16, 3.4.2.17, 4.0.1.23, 4.1.0.25, 3.4.3.18, 3.4.6.27, … | Patch → 4.2.0.32 |
| CVE-2018-5269 | In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. | 3.4.0.12, 3.4.0.14 | Patch → 4.2.0.32 |
| CVE-2018-5268 | In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. | 3.4.0.12, 3.4.0.14 | Patch → 4.2.0.32 |
| CVE-2017-18009 | In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. | 3.4.0.12, 3.4.0.14 | Patch → 4.2.0.32 |

Dependencies

Packages using versions of opencv-python affected by its vulnerabilities

Dependent Packages
numpy>=1.13.3; python_version < "3.7"
numpy>=1.21.0; python_version <= "3.9" and platform_system == "Darwin" and platform_machine == "arm64"
numpy>=1.21.2; python_version >= "3.10"
numpy>=1.21.4; python_version >= "3.10" and platform_system == "Darwin"
numpy>=1.23.5; python_version >= "3.11"
numpy>=1.26.0; python_version >= "3.12"
numpy>=1.19.3; python_version >= "3.6" and platform_system == "Linux" and platform_machine == "aarch64"
numpy>=1.17.0; python_version >= "3.7"
numpy>=1.17.3; python_version >= "3.8"
numpy>=1.19.3; python_version >= "3.9"