Security Risk: av-4.11.0.86 includes vulnerable libgfortran version (CVE-2014-5044)

Hi maintainers,
I’ve detected that the PyPI package `opencv-python-4.11.0.86` includes a binary dependency (`opencv_python.libs/libgfortran-91cc3cb1.so.3.0.0`), which is vulnerable to **CVE-2014-5044**.

**CVE Details:**
- **Description:**  Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
- **Affected versions**: `libgfortran < 4.8`
- **More info**: 
	- https://nvd.nist.gov/vuln/detail/CVE-2014-5044
	- http://www.openwall.com/lists/oss-security/2014/07/24/1


**Recommended Action:**

Please consider upgrade `libgfortran` to 4.8 or later to mitigate the vulnerability. This will help downstream users avoid potential security issues caused by the bundled vulnerable binary.

Thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Risk: av-4.11.0.86 includes vulnerable libgfortran version (CVE-2014-5044) #1101

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Risk: av-4.11.0.86 includes vulnerable libgfortran version (CVE-2014-5044) #1101

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions