After installing opencv-python-headless and opencv-contrib-python via Poetry on Linux x86_64, I find the following libpng shared objects:
.venv/lib/python3.13/site-packages/opencv_python_headless.libs/libpng16-04239421.so.16.48.0
.venv/lib/python3.13/site-packages/opencv_contrib_python.libs/libpng16-1bde1c40.so.16.43.0
Versions of libpng between 1.6.26 and 1.6.53 (inclusive) have CVE-2026-22801. Searching the opencv GitHub organization for libpng, the only version numbers I see are vulnerable.
Could you please upgrade the bundled versions of libpng to 1.6.54 and make new OpenCV releases? This would be very helpful, as automated vulnerability scanners are currently flagging this.
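A check along the lines of the report above, as an added example that is not part of the original issue or of OpenCV's code: it scans a site-packages tree for vendored `libpng16` shared objects in `*.libs` directories and flags those inside the range the issue gives (1.6.26 through 1.6.53). It assumes the shared-object suffix `16.N.0` corresponds to libpng release 1.6.N; the function names and the `example_pkg` entry are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Affected range as stated in the issue: 1.6.26 through 1.6.53 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (1, 6, 26), (1, 6, 53)

# Vendored name as seen in the issue: libpng16-<hash>.so.16.<N>.<patch>
# Assumption: shared-object version 16.N.0 corresponds to libpng release 1.6.N.
SO_NAME = re.compile(r"^libpng16(?:-[0-9a-f]+)?\.so\.16\.(\d+)\.\d+$")


def libpng_release(filename):
    """Return the libpng release tuple encoded in a bundled .so name, or None."""
    m = SO_NAME.match(filename)
    return (1, 6, int(m.group(1))) if m else None


def scan(site_packages):
    """Yield (relative path, release, affected) for each bundled libpng found."""
    root = Path(site_packages)
    for so in sorted(root.glob("*.libs/libpng16*.so.*")):
        release = libpng_release(so.name)
        if release is None:
            continue  # unrecognised naming scheme; do not guess a version
        affected = AFFECTED_MIN <= release <= AFFECTED_MAX
        yield str(so.relative_to(root)), release, affected


def demo():
    """Build a throwaway tree with the two file names from the issue and scan it."""
    names = [
        "opencv_python_headless.libs/libpng16-04239421.so.16.48.0",
        "opencv_contrib_python.libs/libpng16-1bde1c40.so.16.43.0",
        "example_pkg.libs/libpng16-deadbeef.so.16.54.0",  # constructed: fixed version
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        return list(scan(tmp))


if __name__ == "__main__":
    for rel, release, affected in demo():
        status = "AFFECTED" if affected else "ok"
        print(f"{status:8} libpng {'.'.join(map(str, release))}  {rel}")
```

Point `scan()` at a real environment's `site-packages` directory to audit it; a file whose name does not follow the pattern is skipped rather than reported as clean, so an empty result is not proof that no libpng is bundled.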