There is a vulnerability in the library that Opencv-python depends on.

[Norman416]

Expected behaviour

I use opencv-python to do some image and video processing

Actual behaviour

Write here what went wrong.

Steps to reproduce

• CentOS
• x86
• opencv-python==4.5.4.58
  libpng 1.5.13 CVE-2014-9495 CVE-2015-8540 CVE-2016-10087 CVE-2015-0973 CVE-2015-8472 CVE-2013-7353
  ffmpeg 4.3.2 CVE-2021-38291 CVE-2020-22042 CVE-2020-22038 CVE-2020-22019 CVE-2020-22037
  openssl 1.1.1g CVE-2021-3711 CVE-2021-23840 CVE-2021-3712 CVE-2020-1971 CVE-2021-23841 CVE-2021-3449

Issue submission checklist

• This is not a generic OpenCV usage question (looking for help for coding, other usage questions, homework etc.)
• I have read the README of this repository and understand that this repository provides only an automated build toolchain for OpenCV Python packages (there is no actual OpenCV code here)
• The issue is related to the build scripts in this repository, to the pre-built binaries or is a feature request (such as "please enable this additional dependency")
• I'm using the latest version of opencv-python

[asenyaev]

Hi @Norman416!

I have updated a docker image to use the latest releases of these libraries:

• libpng 1.6.37
• ffmpeg 4.4.1
• openssl 1.1.1m

Could you tell me, how I can check a package on a vulnerability?

[Norman416]

The tool I use is woodpecker.
https://woodpecker.co/vulnerability-disclosure-program/

[asmorkalov]

Done with releases 4.5.5.64 and 3.4.17.63.