GHSA-cxjf-x6jp-p7mc: 
Python vulnerability analysis and mitigation

The vulnerability (GHSA-cxjf-x6jp-p7mc) affects opencv-contrib-python versions before v4.8.1.78, which bundled libwebp binaries in wheels that were vulnerable to CVE-2023-4863. This heap buffer overflow vulnerability in libwebp allows remote attackers to perform an out-of-bounds memory write via a crafted HTML page (GITHUB_ADVISORY, LIBWEBP_ADVISORY).

The vulnerability is classified as a heap buffer overflow (CWE-787) with a CVSS v3.1 base score of 8.8 (High). The attack vector is network-based, with low attack complexity and no privileges required, though it does require user interaction. The vulnerability affects confidentiality, integrity, and availability, all with high impact ratings (LIBWEBP_ADVISORY).

If exploited, this vulnerability could allow attackers to perform out-of-bounds memory writes, potentially leading to code execution or system compromise. The vulnerability has high impact ratings for confidentiality, integrity, and availability, indicating significant potential consequences if successfully exploited (LIBWEBP_ADVISORY).

The vulnerability has been patched in opencv-contrib-python version 4.8.1.78, which upgrades the bundled libwebp binary to v1.3.2. Users are strongly advised to upgrade to this version or later to mitigate the vulnerability (GITHUB_ADVISORY).