GHSA-jh2j-j4j9-crg3: 
Python vulnerability analysis and mitigation

The opencv-python-headless package versions before v4.8.1.78 contained bundled libwebp binaries that were vulnerable to CVE-2023-4863, a heap buffer overflow vulnerability. This vulnerability was discovered in libwebp, affecting Google Chrome prior to version 116.0.5845.187 and libwebp versions before 1.3.2 (NVD, GitHub Advisory).

The vulnerability is classified as a heap buffer overflow (CWE-787) that allows remote attackers to perform an out-of-bounds memory write via a crafted HTML page. The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high severity impacts on confidentiality, integrity, and availability (NVD).

The vulnerability can lead to remote code execution through out-of-bounds memory writes, potentially allowing attackers to execute arbitrary code on affected systems. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability when successfully exploited (NVD).

The vulnerability has been patched in opencv-python-headless version 4.8.1.78 which includes the updated libwebp 1.3.2. Users are strongly advised to upgrade to this version or later to mitigate the vulnerability. The fix involves updating the bundled libwebp binary to version 1.3.2 (GitHub Advisory).