PYSEC-2023-174

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/imagecodecs/PYSEC-2023-174.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2023-174
Published
2023-09-20T05:30:34.993050Z
Modified
2023-09-20T05:12:42.403706Z
Summary
[none]
Details

imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.

Affected packages

PyPI / imagecodecs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2023.9.18

Affected versions

2018.*

2018.10.10
2018.10.18
2018.10.22
2018.10.28
2018.10.30
2018.11.8
2018.12.1
2018.12.12
2018.12.16

2019.*

2019.1.1
2019.1.14
2019.2.2
2019.2.20
2019.2.22
2019.4.20
2019.11.5
2019.11.18
2019.11.28
2019.12.31

2020.*

2020.1.31
2020.2.18
2020.5.30
2020.12.24

2021.*

2021.1.11
2021.1.28
2021.2.26
2021.3.31
2021.4.28
2021.6.8
2021.7.30
2021.8.26
2021.11.11
2021.11.20

2022.*

2022.2.22
2022.7.27
2022.7.31
2022.8.8
2022.9.26
2022.12.22
2022.12.24

2023.*

2023.1.23
2023.3.16
2023.7.4
2023.7.10
2023.8.12
2023.9.4