CVE-2022-27406

Advisory

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Changes:
- Updated third-party libraries to fix potential vulnerabilities. [666](https://github.com/opencv/opencv-python/pull/666)
- Added support for building Windows ARM64 Python package. [644](https://github.com/opencv/opencv-python/pull/644)
- The repository has been synchronized with scikit-build [`0.14.0`](https://github.com/scikit-build/scikit-build/releases/tag/0.14.0) release. [#637](https://github.com/opencv/opencv-python/pull/637)
- This release produced with libpng `1.6.37` and supports eXIf orientation tag. [662](https://github.com/opencv/opencv-python/issues/662)

64
opencv-python: https://pypi.org/project/opencv-python/
opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/
opencv-python-headless: https://pypi.org/project/opencv-python-headless/
opencv-contrib-python-headless: https://pypi.org/project/opencv-contrib-python-headless/

Resources

• https://pypi.org/project/opencv-python
• https://pyup.io/changelogs/opencv-python/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406