{"id":"PYSEC-2023-174","details":"imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.","modified":"2026-01-30T00:53:22.665032Z","published":"2023-09-20T05:30:34.993050Z","related":["CVE-2023-4863","CVE-2023-5129"],"references":[{"type":"ADVISORY","url":"https://github.com/cgohlke/imagecodecs/blob/v2023.9.18/CHANGES.rst"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5129"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"}],"affected":[{"package":{"name":"imagecodecs","ecosystem":"PyPI","purl":"pkg:pypi/imagecodecs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2023.9.18"}]}],"versions":["2018.10.10","2018.10.18","2018.10.22","2018.10.28","2018.10.30","2018.11.8","2018.12.1","2018.12.12","2018.12.16","2019.1.1","2019.1.14","2019.11.18","2019.11.28","2019.11.5","2019.12.31","2019.2.2","2019.2.20","2019.2.22","2019.4.20","2020.1.31","2020.12.24","2020.2.18","2020.5.30","2021.1.11","2021.1.28","2021.11.11","2021.11.20","2021.2.26","2021.3.31","2021.4.28","2021.6.8","2021.7.30","2021.8.26","2022.12.22","2022.12.24","2022.2.22","2022.7.27","2022.7.31","2022.8.8","2022.9.26","2023.1.23","2023.3.16","2023.7.10","2023.7.4","2023.8.12","2023.9.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/imagecodecs/PYSEC-2023-174.yaml"}}],"schema_version":"1.7.3"}