PYSEC-2023-174

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/imagecodecs/PYSEC-2023-174.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2023-174

Related

CVE-2023-4863
CVE-2023-5129

Published

2023-09-20T05:30:34.993050Z

Modified

2023-09-20T05:12:42.403706Z

Summary

[none]

Details

imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.

References

Affected packages

PyPI / imagecodecs

Package

Name: imagecodecs; View open source insights on deps.dev
Purl: pkg:pypi/imagecodecs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2023.9.18

Affected versions

2018.*

2018.10.10

2018.10.18

2018.10.22

2018.10.28

2018.10.30

2018.11.8

2018.12.1

2018.12.12

2018.12.16

2019.*

2019.1.1

2019.1.14

2019.2.2

2019.2.20

2019.2.22

2019.4.20

2019.11.5

2019.11.18

2019.11.28

2019.12.31

2020.*

2020.1.31

2020.2.18

2020.5.30

2020.12.24

2021.*

2021.1.11

2021.1.28

2021.2.26

2021.3.31

2021.4.28

2021.6.8

2021.7.30

2021.8.26

2021.11.11

2021.11.20

2022.*

2022.2.22

2022.7.27

2022.7.31

2022.8.8

2022.9.26

2022.12.22

2022.12.24

2023.*

2023.1.23

2023.3.16

2023.7.4

2023.7.10

2023.8.12

2023.9.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/imagecodecs/PYSEC-2023-174.yaml"